HC3 Analyst Note TLP White: PPE-Themed Phishing Campaign Exploits COVID Shortages to Spread Malware

August 27, 2020

A new phishing campaign is using COVID-19 personal protective equipment (PPE)-themed lures to spread Agent Tesla malware. This difficult-to-detect remote access Trojan (RAT) provides attackers with a dashboard to monitor the malware’s keylogging and information stealing capabilities. The sophisticated malware campaign uses a 10-day cycle of rotated IP addresses and malware hashes to evade detection and increase the chances that a victim downloads and executes the malware. While the attackers have used a similar email body text throughout the campaign, the phishing emails imitate employees at actual chemical manufacture and import/export companies. Organizations should train their employees to avoid opening and executing email attachments and immediately scan any devices suspected to be infected.

Related Resources

Advancing Health Podcast
Dr. Estes talks with Dr. David W. Zaas, CEO of MUSC Health - Charleston Division and Chief Clinical Officer for MUSC Health, to discuss COVID-19’s impact on…
Action Alert
New definition will have adverse effect on hospitals, especially those serving rural and vulnerable communities Please contact your senators and…
Special Bulletin
House Democrats last night unveiled a new version of the Health and Economic Recovery Omnibus Emergency Solutions (HEROES) Act – a $2.2 trillion COVID-19…
AHA and other organizations representing the nation’s clinicians, hospitals, health systems and experts in health informatics and health information management…
Issue Landing Page
See below for the latest AHA members-only information to help hospital and health system leaders respond to the COVID-19 pandemic. For a comprehensive…
Issue Landing Page
See below for the latest information about what hospital and health system leaders should know in regards to supplies and personal protective equipment…