
Cybercrime, AgentTesla exploits Discord in a new “China” PO campaign

AgentTesla exploits Discord in a new “China” PO campaign. The link in the photo of the “Purchase Order No. 4500016771 Dtd 10/03/2023” email points to a URL that downloads an exe: the malware. Stolen data is exfiltrated via SMTP to an email

A Purchase Order (PO) from China is the new bait for an AgentTesla campaign, which disguises the malware as a fake document hosted on Discord.

The link in the photo attached to the “Purchase Order No. 4500016771 Dtd 10/03/2023” email points to a URL on Discord that downloads the “Order No. 4500016771 Dtd 10032023” exe file: the malware. The stolen data is then exfiltrated via SMTP to a Russian email address.
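The lure described above (an image in the mail body wrapped in a link to an executable on Discord's file CDN) can be flagged at the mail gateway. The following is an added detection example, not code from the original article: the sample message is constructed, and the Discord CDN host names and executable suffixes are assumptions chosen for the example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed host names of Discord's file CDN; the article only says "Discord".
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Assumed set of Windows executable suffixes worth flagging.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com")

# An <a href="..."> whose first child is an <img>: the "link in the photo" lure.
IMG_LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>\s*<img\b', re.I | re.S)


def html_bodies(msg):
    """Yield every text/html part of a (possibly multipart) message."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_content()


def find_image_link_lures(raw_mail: bytes):
    """Return hrefs of image-wrapped links that fetch an executable from Discord's CDN."""
    msg = email.message_from_bytes(raw_mail, policy=policy.default)
    hits = []
    for html in html_bodies(msg):
        for href in IMG_LINK_RE.findall(html):
            url = urlparse(href)
            host = (url.hostname or "").lower()
            if host in DISCORD_CDN_HOSTS and url.path.lower().endswith(EXECUTABLE_SUFFIXES):
                hits.append(href)
    return hits


# Constructed sample modelled on the PO lure; the attachment path is made up.
SAMPLE_MAIL = b"""From: buyer@example.invalid
To: sales@example.invalid
Subject: Purchase Order No. 4500016771 Dtd 10/03/2023
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please find our PO below.</p>
<a href="https://cdn.discordapp.com/attachments/000/000/Order%20No.%204500016771%20Dtd%2010032023.exe">
<img src="cid:po_preview" alt="Purchase Order"></a>
</body></html>
"""

if __name__ == "__main__":
    print(find_image_link_lures(SAMPLE_MAIL))
```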

AgentTesla's keylogger captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, its operators can remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
