It asks the recipient to open a link to revise an agreement. The link leads to a website that imitates the victim's organization homepage, where the user only has to type in their password.
Courier-themed AgentTesla campaign now leverages TNT. The email's .ace attachment, which poses as an invoice, contains an exe: the malware. Stolen data is exfiltrated via the Telegram API, the same one used in the last wave.
AgentTesla continues to be the protagonist of a courier-themed campaign. The first emails impersonated FedEx; the cybercrime actors behind the attacks have since switched to TNT.
The scheme, however, remains the same. The attached invoice, an .ace file, contains an exe: the malware. The stolen data is then exfiltrated via the Telegram API, the same one used in the last wave.
The AgentTesla campaign, which uses real emails from engineering and machinery companies in the Middle East, continues. The .img attachment contains an exe file: the malware. The stolen data is then exfiltrated via the same FTP address linked to the previous waves. Through its keylogger function, AgentTesla is able to capture everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.