HC3 Analyst Note TLP White: PPE-Themed Phishing Campaign Exploits COVID Shortages to Spread Malware

August 27, 2020

A new phishing campaign is using COVID-19 personal protective equipment (PPE)-themed lures to spread Agent Tesla malware. This difficult-to-detect remote access Trojan (RAT) provides attackers with a dashboard to monitor the malware’s keylogging and information-stealing capabilities. The sophisticated malware campaign uses a 10-day cycle of rotated IP addresses and malware hashes to evade detection and increase the chances that a victim downloads and executes the malware. While the attackers have used similar email body text throughout the campaign, the phishing emails imitate employees at actual chemical manufacturing and import/export companies. Organizations should train their employees to avoid opening and executing email attachments and should immediately scan any devices suspected of being infected.
