Proofpoint cybersecurity experts: groups from India, Russia and China use this technique. The files have a low detection rate with public antivirus engines.
A new Agent Tesla campaign uses fake invoices from a real private maritime company. The infection chain is triggered by the attached .doc document.
Agent Tesla is now being spread with a "vessels" lure. A new malspam campaign uses fake invoices from a real maritime private limited company. The objective is to get the victim to open the attachment, which contains a .doc and a .xlsx file. The second does not work, but the first contacts a link that downloads the malware. The cyber criminals' goal is to use it to steal sensitive data from victims, which is then exfiltrated via email to a fixed address. Agent Tesla, through its keylogger function, is able to capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating those already present.
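The two behaviours described above, an Office document reaching out to the network to fetch its payload and stolen data leaving over SMTP to a fixed mailbox, are both visible in ordinary endpoint telemetry. The script below is an added example written for this article, not code from the original report or from Proofpoint: it runs three simple triage heuristics over constructed, Sysmon-like process and network events. The log schema, field names, process names, file names and IP addresses are all assumptions made up for the illustration.

```python
"""Triage heuristics for the infection chain described above: an Office
document that opens a network connection (or spawns a child) to fetch a
payload, and a non-mail process that later speaks SMTP, the channel Agent
Tesla uses to send stolen data to a fixed address.

The telemetry below is constructed for this example and uses a simplified,
Sysmon-like schema whose field names are assumptions, not a real product's.
"""
import json

# Office applications that should not normally open network connections or
# spawn other executables right after opening an e-mailed attachment.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Processes legitimately expected to speak SMTP from a workstation; anything
# else doing so is a candidate for mail-based exfiltration.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}

# Constructed sample: the mail client opens the .doc and the .xlsx from the
# lure. The .xlsx does nothing; the .doc fetches a payload (hypothetical
# name upd.exe), which then connects to an SMTP server.
SAMPLE_EVENTS = r"""
{"event": "process_create", "image": "outlook.exe", "pid": 400, "ppid": 1, "cmdline": "outlook.exe"}
{"event": "process_create", "image": "winword.exe", "pid": 512, "ppid": 400, "cmdline": "winword.exe /n Invoice_vessel_0123.doc"}
{"event": "network_connect", "image": "winword.exe", "pid": 512, "dst_ip": "203.0.113.10", "dst_port": 80}
{"event": "process_create", "image": "upd.exe", "pid": 640, "ppid": 512, "cmdline": "C:\\Users\\Public\\upd.exe"}
{"event": "network_connect", "image": "upd.exe", "pid": 640, "dst_ip": "198.51.100.7", "dst_port": 587}
{"event": "network_connect", "image": "outlook.exe", "pid": 400, "dst_ip": "192.0.2.25", "dst_port": 587}
{"event": "process_create", "image": "excel.exe", "pid": 700, "ppid": 400, "cmdline": "excel.exe Invoice_vessel_0123.xlsx"}
"""


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def office_network_connects(events):
    """Office process making an outbound connection: the maldoc fetching its payload."""
    return [e for e in events
            if e["event"] == "network_connect"
            and e["image"].lower() in OFFICE_PROCESSES]


def office_child_processes(events):
    """Executables spawned by an Office process (the downloaded payload starting)."""
    office_pids = {e["pid"] for e in events
                   if e["event"] == "process_create"
                   and e["image"].lower() in OFFICE_PROCESSES}
    return [e for e in events
            if e["event"] == "process_create" and e["ppid"] in office_pids]


def smtp_from_non_mail_client(events):
    """SMTP connections from anything that is not a known mail client."""
    return [e for e in events
            if e["event"] == "network_connect"
            and e["dst_port"] in SMTP_PORTS
            and e["image"].lower() not in MAIL_CLIENTS]


def triage(text):
    """Return (rule, image, pid) findings, grouped by rule."""
    events = parse_events(text)
    findings = []
    for e in office_network_connects(events):
        findings.append(("office_network_connect", e["image"], e["pid"]))
    for e in office_child_processes(events):
        findings.append(("office_child_process", e["image"], e["pid"]))
    for e in smtp_from_non_mail_client(events):
        findings.append(("smtp_non_mail_client", e["image"], e["pid"]))
    return findings


if __name__ == "__main__":
    for rule, image, pid in triage(SAMPLE_EVENTS):
        print(f"{rule}: {image} (pid {pid})")
```

On the constructed sample the Word process and the executable it spawned are flagged, while the legitimate mail client's own SMTP traffic and the harmless .xlsx are not. In a real environment the mail-client allow-list and the Office process set would need tuning to the organisation's software, and the SMTP heuristic should be paired with a check for unexpected destination mail servers.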