
Cybercrime, the courier-themed AgentTesla campaign now leverages TNT

Courier-themed AgentTesla campaign now leverages TNT. The ACE attachment of the email, which simulates an invoice, contains an exe: the malware. Stolen data is exfiltrated via the Telegram API, the same one used in the last wave.

AgentTesla continues to be the protagonist of a courier-themed campaign. The first email simulated FedEx, then the cybercrime actors behind the attacks switched to TNT.

The scheme, however, remains the same. The attached invoice, an ACE archive, contains an exe: the malware. The stolen data is then exfiltrated via the Telegram API, the same one used in the last wave.

The AgentTesla campaign that uses real emails from engineering and machinery companies in the Middle East also continues. Here the IMG attachment contains an exe file: the malware. The stolen data is then exfiltrated to the same FTP address linked to the previous waves. AgentTesla, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal email and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
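The two patterns the article describes, an archive-like attachment (ACE or IMG) that carries an executable, and stolen data leaving the host through the Telegram Bot API, lend themselves to simple defender-side checks. The following is an added example written for this page, not code from the article or from any campaign analysis: it runs two such checks over constructed sample records. The record schemas (`name`/`members` for mail-gateway attachment metadata, `process`/`url` for egress telemetry), the allowlisted process name and the placeholder bot token are all assumptions for illustration, not indicators from the campaign.

```python
"""Detection example: flag the two AgentTesla-style behaviours described above.

  1. Mail gateway: an ACE or IMG attachment whose contents include a Windows executable.
  2. Egress: a request to the Telegram Bot API (api.telegram.org/bot<token>/...) made by
     a process that is not a sanctioned bot integration.

Schemas, process names and tokens are constructed for this example.
"""
import re
from typing import Optional

# Container types named in the article; an .exe inside one is the delivery pattern described.
SUSPECT_CONTAINERS = {".ace", ".img"}
EXECUTABLE_EXTS = {".exe"}

# Assumed: the only process on this fleet that is allowed to use the Telegram Bot API.
ALLOWED_TELEGRAM_PROCS = {"alerting_bot.exe"}

# Bot API calls used to push text or files to a chat; the token segment is opaque.
TELEGRAM_BOT_API = re.compile(
    r"^https?://api\.telegram\.org/bot[^/]+/(sendDocument|sendMessage)\b", re.I
)


def ext(name: str) -> str:
    """Lower-cased file extension including the dot, or '' when there is none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def check_attachment(attachment: dict) -> Optional[str]:
    """attachment = {"name": str, "members": [inner file names]} (constructed schema)."""
    container = ext(attachment["name"])
    if container not in SUSPECT_CONTAINERS:
        return None
    exes = [m for m in attachment.get("members", []) if ext(m) in EXECUTABLE_EXTS]
    if not exes:
        return None
    return f"{attachment['name']}: executable inside {container} container -> {exes}"


def check_network(event: dict) -> Optional[str]:
    """event = {"process": str, "url": str} (constructed schema)."""
    if not TELEGRAM_BOT_API.match(event["url"]):
        return None
    if event["process"].lower() in ALLOWED_TELEGRAM_PROCS:
        return None
    return f"{event['process']}: Telegram Bot API send from unexpected process"


def run(attachments, events) -> list:
    """Apply both checks and return the list of findings (empty when nothing matches)."""
    findings = [f for f in map(check_attachment, attachments) if f]
    findings += [f for f in map(check_network, events) if f]
    return findings


# Constructed samples: file names, process names and the token are illustrative only.
SAMPLE_ATTACHMENTS = [
    {"name": "TNT_invoice_0001.ace", "members": ["TNT_invoice_0001.exe"]},
    {"name": "shipment.img", "members": ["shipment.pdf.exe"]},
    {"name": "invoice.pdf", "members": []},
    {"name": "photos.zip", "members": ["a.jpg"]},
]
SAMPLE_EVENTS = [
    {"process": "TNT_invoice_0001.exe",
     "url": "https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendDocument"},
    {"process": "alerting_bot.exe",
     "url": "https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendMessage"},
    {"process": "chrome.exe", "url": "https://api.telegram.org/"},
]

if __name__ == "__main__":
    for finding in run(SAMPLE_ATTACHMENTS, SAMPLE_EVENTS):
        print("ALERT", finding)
```

Run as-is it prints three alerts: the two container attachments that wrap an executable, and the Bot API upload from the unsanctioned process. The allowlisted process and the plain visit to the Telegram front page are ignored, which is the trade-off to tune: the network check keys on the `/bot<token>/send*` path shape rather than on the hostname alone, so TLS inspection or endpoint URL telemetry is needed for it to fire.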
