
Cybercrime, Agent Tesla conveyed by the confirmation of the bank details

Technical analysis by the Malware Hunter JAMESWT

Agent Tesla conveyed by the confirmation of the bank details. The email's ACE attachment contains an EXE: the malware itself. Stolen data is exfiltrated via SMTP.

“RE: Payment Update // Bank Detail Confirmation – TOP URGENT !!!” is the subject of an email that conveys the latest AgentTesla global campaign.

The message's ACE attachment contains an executable file: the malware itself. If opened, it activates the infection. The information stolen from the victim's computer is then exfiltrated by the cybercriminals via SMTP.

Agent Tesla, in fact, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal browser and email-client credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.
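As an added defensive example (not code from JAMESWT's analysis), a small Python mail-gateway check for the lure described above: it flags an ACE-format attachment by the format's "**ACE**" signature at byte offset 7 rather than by file name, together with the urgent bank-detail subject line. The sample message, the subject regex and the quarantine rule are assumptions; the check does not open the archive, so the executable inside still needs an ACE unpacker or sandbox.

```python
"""Mail-gateway triage for an ACE-attachment lure (added example, not from the original post)."""
import email
import re
from email import policy
from email.message import EmailMessage

ACE_MAGIC_OFFSET = 7            # ACE header: CRC16, size, type, flags, then "**ACE**"
ACE_MAGIC = b"**ACE**"
# Assumed lure pattern, built from the subject line quoted in the analysis
LURE_SUBJECT = re.compile(r"bank\s+detail|payment\s+update|top\s+urgent", re.I)


def is_ace_archive(data: bytes) -> bool:
    """True if the bytes carry the ACE archive signature, whatever the file name says."""
    return data[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC


def triage(raw: bytes) -> dict:
    """Return the indicators found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"lure_subject": bool(LURE_SUBJECT.search(msg["Subject"] or "")),
                "ace_attachments": [], "renamed_ace": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if is_ace_archive(payload):
            findings["ace_attachments"].append(name)
            if not name.lower().endswith(".ace"):
                findings["renamed_ace"].append(name)   # ACE hidden behind another extension
    # Assumed policy: an ACE container plus the lure subject is enough to hold the message
    findings["quarantine"] = bool(findings["ace_attachments"]) and findings["lure_subject"]
    return findings


def build_sample() -> bytes:
    """Constructed message mimicking the campaign; the attachment is only an ACE header stub."""
    msg = EmailMessage()
    msg["Subject"] = "RE: Payment Update // Bank Detail Confirmation - TOP URGENT !!!"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg.set_content("Please confirm the attached bank details.")
    fake_ace = bytes(7) + ACE_MAGIC + bytes(32)   # placeholder header, not a valid archive
    msg.add_attachment(fake_ace, maintype="application", subtype="octet-stream",
                       filename="Bank_Details.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```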
