Technical analysis by the Malware Hunter JAMESWT
The courier-themed Agent Tesla campaign is back. The bait is a fake DHL shipment receipt. The attachment, if opened, contacts a link from which the malware is downloaded; the stolen data is then exfiltrated via SMTP.
Agent Tesla is back in its global campaign with a courier-themed lure. The bait is a supposed DHL shipment receipt attached to the email: a .doc file which, if opened, contacts a link from which the malware is downloaded. The criminals' goal is to use it to steal sensitive data from victims, which is then exfiltrated via SMTP. Agent Tesla, through its keylogger function, captures everything the user types. It can also steal credentials stored in browsers and email clients and take screenshots. Finally, it can execute commands sent remotely to the infected PC, such as downloading additional payloads or updating existing ones.
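The two network-level behaviours described above, an Office document reaching out to fetch its payload and the stolen data leaving the host over SMTP, are what an analyst would hunt for in endpoint telemetry. The Python script below is an added example written for this page; it is not part of JAMESWT's analysis nor any tool from the campaign. It runs two detection rules over constructed Sysmon-style network-connection events (the log lines, process paths and IP addresses are made up for illustration, and the allow-list of mail clients is an assumption a real deployment would tune).

```python
from __future__ import annotations

import ipaddress
import json
import ntpath

# Constructed Sysmon "network connection" events (Event ID 3) as JSON lines,
# the shape a log shipper typically forwards. These are made up for this
# example and are not telemetry from the campaign in the article.
SAMPLE_LOG = r"""
{"EventID": 3, "UtcTime": "2021-03-02 09:14:07", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "DestinationIp": "203.0.113.10", "DestinationPort": 80}
{"EventID": 3, "UtcTime": "2021-03-02 09:14:21", "Image": "C:\\Users\\victim\\AppData\\Roaming\\dhl_receipt.exe", "DestinationIp": "198.51.100.25", "DestinationPort": 587}
{"EventID": 3, "UtcTime": "2021-03-02 09:15:02", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationIp": "198.51.100.25", "DestinationPort": 587}
{"EventID": 3, "UtcTime": "2021-03-02 09:15:40", "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.40", "DestinationPort": 443}
{"EventID": 3, "UtcTime": "2021-03-02 09:16:11", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "DestinationIp": "10.0.0.5", "DestinationPort": 445}
"""

# Rule 1: an Office application opening an outbound connection to a non-internal
# address is how a malicious .doc fetches its payload.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Rule 2: SMTP traffic from anything other than a known mail client is the
# exfiltration channel the article describes. The allow-list is an assumption.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}

# Explicit internal ranges rather than ipaddress.is_global, because the
# documentation addresses used in the sample (203.0.113.x, 198.51.100.x)
# are classified as non-global by the stdlib and would otherwise be skipped.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def is_internal(ip: str) -> bool:
    """True for loopback and RFC 1918 destinations, which both rules ignore."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def evaluate(event: dict) -> list[str]:
    """Return the names of the rules a single Sysmon event triggers."""
    if event.get("EventID") != 3:
        return []
    if is_internal(event["DestinationIp"]):
        return []
    # ntpath handles Windows paths regardless of the host running the script.
    image = ntpath.basename(event["Image"]).lower()
    port = int(event["DestinationPort"])
    hits = []
    if image in OFFICE_IMAGES:
        hits.append("office_app_outbound_connection")
    if port in SMTP_PORTS and image not in MAIL_CLIENTS:
        hits.append("smtp_from_non_mail_client")
    return hits


def scan(log_text: str) -> list[dict]:
    """Parse JSON lines and collect one finding per (event, rule) pair."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for rule in evaluate(event):
            findings.append({
                "time": event["UtcTime"],
                "rule": rule,
                "image": ntpath.basename(event["Image"]),
                "dest": f"{event['DestinationIp']}:{event['DestinationPort']}",
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']}  {f['rule']:32}  {f['image']} -> {f['dest']}")
```

Run against the sample, the script flags only the WINWORD.EXE connection to port 80 and the unknown executable dropped under AppData talking to port 587; Outlook's own SMTP session and the browser's HTTPS traffic pass, as does Word reaching an internal file server. In production the same two rules map directly onto a SIEM query over Sysmon Event ID 3 or equivalent EDR network telemetry.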
The fake DHL email
The communication via SMTP