The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick antivirus software and download malware.
New Agent Tesla malspam campaign. The lure is a “purchase order”. The .gz attachment activates the malware infection chain
Agent Tesla has been spread globally by cybercriminals with the “purchase order” lure. The cybersecurity expert Mich found a new malspam campaign with fake emails coming from a real company in Taiwan. The objective is to get the victim to open the .gz attachment, which contains the malware executable. The cybercriminals' goal is to use it to steal sensitive data from victims. Through its keylogger function, the malware can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can remotely issue commands on the infected PC, such as downloading additional payloads or updating those already present.
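A mail gateway or analyst can check for the pattern described above, a .gz attachment that unpacks to a Windows executable, without running anything. The following is an added example, not code from the article or from the researcher; the function names, the file name `PO_constructed.exe` and the 68-byte PE-shaped stub are constructed for illustration.

```python
import gzip, io, struct, zlib

MAX_BYTES = 64 * 1024 * 1024  # cap on decompressed bytes read (guards against gzip bombs)

def gzip_member_name(data: bytes):
    """Return the original file name stored in the gzip header (FNAME field), or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags, pos = data[3], 10
    if flags & 0x04:                      # FEXTRA: 2-byte length, then that many bytes
        if len(data) < pos + 2:
            return None
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & 0x08:                  # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)
    return data[pos:end].decode("latin-1") if end != -1 else None

def is_pe(payload: bytes) -> bool:
    """True if payload starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    off = struct.unpack_from("<I", payload, 0x3C)[0]
    return payload[off:off + 4] == b"PE\x00\x00"

def triage_gz_attachment(data: bytes) -> dict:
    """Classify an attachment: is it gzip, and does it unpack to a Windows executable?"""
    result = {"is_gzip": data[:2] == b"\x1f\x8b", "inner_name": None, "inner_is_pe": False}
    if not result["is_gzip"]:
        return result
    result["inner_name"] = gzip_member_name(data)
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            result["inner_is_pe"] = is_pe(gz.read(MAX_BYTES))
    except (OSError, EOFError, zlib.error):
        pass                              # corrupt or truncated archive: leave as not-PE
    return result

def build_sample() -> bytes:
    """Constructed input: gzip holding a PE-shaped stub (headers only, not a real program)."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    buf = io.BytesIO()
    with gzip.GzipFile(filename="PO_constructed.exe", mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(stub)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_gz_attachment(build_sample()))
```

The check keys on the decompressed content rather than the attachment's extension, so a renamed inner file is still flagged.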