
Cybercrime: Agent Tesla is now spread in Italy via a fake curriculum vitae

Technical analysis by the Malware Hunter JAMESWT

Agent Tesla is now being delivered in Italy through a curriculum vitae. A fake email from an alleged “professional technical employee” carries an .ace attachment. Inside there is an executable containing the malware. The data is exfiltrated via email.

Agent Tesla is now hiding behind an alleged “professional technical employee”. The latest cybercrime campaign to distribute the malware in Italy uses an email with an attached curriculum vitae in .ace format. The archive contains the malware executable. The goal of the cyber criminals is to use it to steal sensitive data from victims, which is then exfiltrated via email to a fixed address. Through its keylogger function, Agent Tesla can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating those already present.

The mail with the fake curriculum

SMTP traffic
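
The campaign described above depends on an .ace archive reaching the inbox. As an added example (not from the original article or from JAMESWT's analysis), the following Python code shows how a mail filter could flag such attachments by file extension and by the ACE header signature, so that a renamed archive is still caught. The sample messages, addresses and `FAKE_ACE` bytes are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# ACE archives carry the marker "**ACE**" at byte offset 7 of the main header.
ACE_MAGIC = b"**ACE**"
ACE_MAGIC_OFFSET = 7


def is_ace(payload: bytes) -> bool:
    """True if the bytes start with an ACE archive header."""
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    return payload[ACE_MAGIC_OFFSET:end] == ACE_MAGIC


def find_ace_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment that is an ACE archive by name or content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(".ace")
        by_magic = is_ace(data)  # catches archives renamed to .pdf, .doc, ...
        if by_name or by_magic:
            findings.append({"filename": name, "by_name": by_name, "by_magic": by_magic})
    return findings


# Constructed test data: header-shaped bytes only, not a real archive.
FAKE_ACE = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16


def build_sample(filename: str, payload: bytes) -> bytes:
    """Build a constructed message with one attachment (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "applicant@example.com"
    m["To"] = "hr@example.com"
    m["Subject"] = "Curriculum vitae"
    m.set_content("Please find my CV attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, body in [("CV.ace", FAKE_ACE), ("CV.pdf", FAKE_ACE), ("CV.pdf", b"%PDF-1.4\n")]:
        print(fname, find_ace_attachments(build_sample(fname, body)))
```
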
