“Face mask manufacturer” supplies Agent Tesla Malware: campaign employs Covid-19 lures and sophisticated evasion techniques
A recent phishing campaign has been exploiting the high demand for face masks and forehead thermometers during the COVID-19 pandemic. The attacker sends email attachments infected with Agent Tesla malware, an advanced Remote Access Trojan (RAT), to various companies under the guise of a mask production business venture. These phishing messages are designed to appear authentic by impersonating real employees at various companies and including accurate mailing and contact details. The attachment is manipulated to make it appear legitimate, often as a PDF file, when in fact it's a compressed executable containing the malware. Once downloaded, victims may only see "Supplier-Face Mask Forehead Thermometer.pdf", which is the actual file name. To further reduce suspicion, the attacker uses a double extension to trick targets into thinking the file is a PDF when it's actually an executable.
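A defender-side check for the double-extension lure described above, as an added example that is not from the original article: it flags attachment names, and member names inside ZIP attachments, where a document extension is followed by an executable or archive extension. The extension sets, the function names and the sample `.pdf.exe` member name are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension sets for illustration; tune them to local mail policy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ARCHIVE_EXTS = {".zip", ".gz", ".rar", ".7z", ".iso"}


def double_extension(name):
    """Return (decoy_ext, real_ext) when a document extension is followed
    by an executable or archive extension, otherwise None."""
    # Windows drops trailing dots and spaces, so normalise them away first.
    suffixes = [s.lower() for s in PurePosixPath(name.strip(" .")).suffixes]
    if (len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
            and suffixes[-1] in EXECUTABLE_EXTS | ARCHIVE_EXTS):
        return suffixes[-2], suffixes[-1]
    return None


def scan_attachment(filename, data):
    """Check the attachment name and, for ZIP data, every member name."""
    findings = []
    hit = double_extension(filename)
    if hit:
        findings.append((filename, *hit))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                hit = double_extension(member)
                if hit:
                    findings.append((member, *hit))
    return findings


def build_sample_zip():
    """Constructed sample: a ZIP whose only member has a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Supplier-Face Mask Forehead Thermometer.pdf.exe",
                    b"inert placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_attachment("quote.zip", build_sample_zip()):
        print("double extension:", finding)
```

Names with several dots but a single real extension, such as `report.v1.2.pdf`, are not flagged, because only the last two suffixes are compared.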
Company: Cloudflare
Date published: Aug. 27, 2020
Author(s): Elaine Dzuba
Word count: 1667
Hacker News points: None found.
Language: English