/plushcap/analysis/cloudflare/facemask-phishing-delivers-malware

“Face mask manufacturer” supplies Agent Tesla Malware: campaign employs Covid-19 lures and sophisticated evasion techniques

What's this blog post about?

A recent phishing campaign has been exploiting the high demand for face masks and forehead thermometers during the COVID-19 pandemic. The attacker sends email attachments infected with Agent Tesla malware, an advanced Remote Access Trojan (RAT), to various companies under the guise of a mask production business venture. These phishing messages are designed to appear authentic by impersonating real employees at various companies and including accurate mailing and contact details. The attachment is manipulated to make it appear legitimate, often as a PDF file, when in fact it's a compressed executable containing the malware. Once downloaded, victims may only see "Supplier-Face Mask Forehead Thermometer.pdf", which is the actual file name. To further reduce suspicion, the attacker uses a double extension to trick targets into thinking the file is a PDF when it's actually an executable.

Company
Cloudflare

Date published
Aug. 27, 2020

Author(s)
Elaine Dzuba

Word count
1667

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.