Technical analysis by the Malware Hunter JAMESWT
Agent Tesla is hiding in a fake “FW: Order” email. The .gz attachment contains an .exe file: the malware itself. Stolen data is exfiltrated via FTP.
Agent Tesla is hiding in a fake email with the subject “FW: Order”.
The .gz attachment contains an .exe file: the malware itself.
Opening it starts the infection chain. The stolen data is then exfiltrated via FTP.
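The delivery pattern above (a .gz attachment wrapping a Windows executable) is easy to catch at the mail gateway before a user can open it. The following is an added example, not part of JAMESWT's analysis and not Agent Tesla code: it inspects a gzip attachment, recovers the original filename from the gzip header, decompresses with a size cap, and checks whether the payload is a PE executable. The sample attachment is constructed in the script (a minimal MZ/PE header stub, not a real program); the function and variable names are the example's own.

```python
import gzip
import io
import struct
import zlib

# Extensions that should never arrive as a gzip-wrapped attachment in normal mail traffic.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def build_fake_pe() -> bytes:
    """Constructed stand-in for the dropped .exe: an MZ header whose e_lfanew
    points at a 'PE\\0\\0' signature. Only the header is real; it is not runnable."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 64)  # e_lfanew -> offset of PE signature
    return bytes(dos_header) + b"PE\x00\x00" + b"\x00" * 32


def gzip_bytes(data: bytes, name: str) -> bytes:
    """Wrap data in a gzip member carrying `name` in the FNAME header field."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", filename=name) as gz:
        gz.write(data)
    return buf.getvalue()


def gzip_member_name(blob: bytes):
    """Return the FNAME stored in the gzip header, or None if absent (RFC 1952)."""
    if blob[:2] != b"\x1f\x8b" or len(blob) < 10:
        return None
    flags = blob[3]
    pos = 10
    if flags & 0x04:  # FEXTRA: skip the extra field
        (xlen,) = struct.unpack_from("<H", blob, pos)
        pos += 2 + xlen
    if not flags & 0x08:  # FNAME not present
        return None
    end = blob.index(b"\x00", pos)
    return blob[pos:end].decode("latin-1")


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_gz_attachment(blob: bytes, max_bytes: int = 8 * 1024 * 1024) -> dict:
    """Gateway check for a .gz attachment. Blocks if the member is a PE file,
    carries an executable filename, is malformed, or inflates past max_bytes
    (decompression bombs are an attacker-controlled failure mode here)."""
    result = {"is_gzip": False, "member_name": None, "contains_pe": False,
              "too_large": False, "verdict": "allow"}
    if blob[:2] != b"\x1f\x8b":
        return result  # not gzip; other checks handle it
    result["is_gzip"] = True
    result["member_name"] = gzip_member_name(blob)
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            data = gz.read(max_bytes + 1)  # read one byte past the cap to detect overflow
    except (OSError, EOFError, zlib.error):
        result["verdict"] = "block"  # malformed archives are not passed unexamined
        return result
    if len(data) > max_bytes:
        result["too_large"] = True
        result["verdict"] = "block"
        return result
    result["contains_pe"] = is_pe(data)
    name = (result["member_name"] or "").lower()
    if result["contains_pe"] or name.endswith(EXEC_EXTS):
        result["verdict"] = "block"
    return result


if __name__ == "__main__":
    lure = gzip_bytes(build_fake_pe(), "Order.exe")  # constructed "FW: Order" attachment
    print(inspect_gz_attachment(lure))
    print(inspect_gz_attachment(gzip_bytes(b"invoice text", "invoice.txt")))
```

The content check matters more than the filename check: the FNAME field is attacker-controlled and can be omitted or set to something innocuous, whereas the MZ/PE header must be present for Windows to run the payload.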
Agent Tesla's keylogger function captures everything the user types. It can also steal credentials saved in browsers and email clients and take screenshots. Finally, it can execute commands issued remotely to the infected PC, such as downloading additional payloads or updating existing ones.