ESET cybersecurity experts: it’s a banking trojan that has already targeted users in Poland, impersonating Bolt Food. Goal: to steal banking and cryptocurrency credentials.
Technical analysis by the malware hunter JAMESWT
Agent Tesla now reaches Italy disguised as a curriculum vitae: a fake email from an alleged “professional technical employee” carries an .ace attachment containing the malware executable. The stolen data is exfiltrated via email.
Agent Tesla is now hiding behind an alleged “professional technical employee”. The latest cybercrime campaign distributing the malware in Italy uses an email with a curriculum vitae attached in .ace format; the archive contains the malware executable. The criminals’ goal is to steal sensitive data from victims, which is then exfiltrated via email to a fixed address. Through its keylogger function, Agent Tesla captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating those already present.
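The delivery vector described above (a “CV” that is really an .ace archive) is something a mail gateway or triage script can flag before the attachment reaches a user. The following is an added example, not code from the article or from JAMESWT’s analysis; the sample message it builds is constructed, and the attachment names, addresses and the `RISKY_EXTENSIONS` list are assumptions for illustration. It identifies ACE archives by content, using the ASCII marker `**ACE**` that sits at byte offset 7 of an ACE header, so renaming the file does not hide it.

```python
"""Added example (not from the original article): flag mail attachments that
match the ACE-archive lure. The sample message below is constructed."""
import email
from email import policy
from email.message import EmailMessage

# ACE archives carry the ASCII signature "**ACE**" at byte offset 7 of the
# first header, so the check works regardless of the file name.
ACE_MAGIC = b"**ACE**"
ACE_MAGIC_OFFSET = 7
# Assumed policy list: attachment types a gateway would quarantine on sight.
RISKY_EXTENSIONS = {".ace", ".exe", ".scr", ".js", ".vbs", ".iso"}


def is_ace_archive(data: bytes) -> bool:
    """True if the bytes start with an ACE archive header."""
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    return data[ACE_MAGIC_OFFSET:end] == ACE_MAGIC


def suspicious_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for each attachment worth quarantining."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if is_ace_archive(payload):
            findings.append((name, "ACE archive (content signature)"))
        elif any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append((name, "risky extension"))
    return findings


def build_sample_message() -> bytes:
    """Constructed look-alike of the lure: a 'CV' that is an ACE header stub."""
    msg = EmailMessage()
    msg["From"] = "candidate@example.invalid"   # assumed sender
    msg["To"] = "hr@example.invalid"            # assumed recipient
    msg["Subject"] = "Curriculum vitae"
    msg.set_content("Please find my CV attached.")
    # Header stub only (not a real archive): 7 bytes, then the signature.
    fake_ace = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    msg.add_attachment(fake_ace, maintype="application",
                       subtype="octet-stream", filename="cv.pdf.ace")
    msg.add_attachment(b"%PDF-1.4 constructed benign sample",
                       maintype="application", subtype="pdf",
                       filename="cover_letter.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in suspicious_attachments(build_sample_message()):
        print(f"quarantine {filename}: {reason}")
```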