
Cybercrime, Agent Tesla now “navigates” with vessels

A new Agent Tesla campaign exploits fake invoices from a real private maritime company. The infection chain is triggered by the .doc document attached to the email.

Agent Tesla is now being spread with a “vessels” lure. A new malspam campaign exploits fake invoices from a real maritime private limited company. The aim is to get the victim to open the attachment, which contains a .doc and a .xlsx file. The .xlsx does not work, but the .doc contacts a link that downloads the malware. The criminals' goal is to use it to steal sensitive data from victims, which is then exfiltrated via email to a fixed address. Agent Tesla, through its keylogger function, can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating the ones already present.

The email with the fake invoice (thanks to Cocaman)

DNS and HTTP/HTTPS requests / connections

The communication with the SMTP server
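The chain described above (a document that fetches a payload over HTTP, followed shortly by the infected host talking SMTP to a fixed external address) is something a defender can look for in proxy and connection logs. The script below is an added example, not code from the article or from the researchers it cites: it runs over a constructed set of connection events (the host names, addresses and timestamps are invented for illustration, not indicators from this campaign) and flags hosts whose HTTP download is followed within a short window by direct SMTP to a mail server that is not the organisation's own.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection events, NOT captured from the real campaign:
# (timestamp, internal client, protocol, destination, destination port)
SAMPLE_EVENTS = [
    ("2020-01-14 09:01:02", "10.0.0.15", "dns",  "invoice-host.example", 53),
    ("2020-01-14 09:01:03", "10.0.0.15", "http", "invoice-host.example", 80),
    ("2020-01-14 09:01:40", "10.0.0.15", "smtp", "mail.exfil.example", 587),
    # benign: download then SMTP, but to the corporate relay
    ("2020-01-14 09:05:00", "10.0.0.22", "http", "updates.vendor.example", 443),
    ("2020-01-14 09:06:10", "10.0.0.22", "smtp", "smtp.corp.example", 25),
    # benign: download, then external SMTP hours later (outside the window)
    ("2020-01-14 10:00:00", "10.0.0.31", "http", "cdn.vendor.example", 443),
    ("2020-01-14 13:00:00", "10.0.0.31", "smtp", "mail.exfil.example", 587),
]

# Hypothetical allow-list of the organisation's own mail relays.
INTERNAL_MAIL_SERVERS = {"smtp.corp.example"}
DEFAULT_WINDOW = timedelta(minutes=10)


def parse_ts(ts):
    """Parse the timestamp format used in the constructed events."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def find_suspect_chains(events, window=DEFAULT_WINDOW,
                        internal_mail=INTERNAL_MAIL_SERVERS):
    """Return {client: (download_host, smtp_host, smtp_port)} for clients whose
    HTTP(S) download is followed within `window` by SMTP to a server outside
    the internal allow-list. Only the first matching pair per client is kept."""
    by_client = defaultdict(list)
    for ts, client, proto, dst, port in events:
        by_client[client].append((parse_ts(ts), proto, dst, port))

    hits = {}
    for client, evs in by_client.items():
        evs.sort()  # chronological order per client
        for i, (t_dl, proto, dl_host, _) in enumerate(evs):
            if proto not in ("http", "https"):
                continue
            # Look ahead only within the time window after the download.
            for t_next, proto_next, dst, port in evs[i + 1:]:
                if t_next - t_dl > window:
                    break
                if proto_next == "smtp" and dst not in internal_mail:
                    hits[client] = (dl_host, dst, port)
                    break
            if client in hits:
                break
    return hits


def external_smtp_clients(events, internal_mail=INTERNAL_MAIL_SERVERS):
    """Weaker indicator on its own: every client that speaks SMTP directly to a
    server outside the allow-list, regardless of what preceded it."""
    return sorted({client for _, client, proto, dst, _ in events
                   if proto == "smtp" and dst not in internal_mail})


if __name__ == "__main__":
    for client, (dl, mx, port) in find_suspect_chains(SAMPLE_EVENTS).items():
        print(f"{client}: download from {dl} then SMTP to {mx}:{port}")
    print("clients using external SMTP:", external_smtp_clients(SAMPLE_EVENTS))
```

The window and the allow-list are the two knobs worth tuning: workstations that legitimately use a hosted mail service will show up in `external_smtp_clients`, so that list is a triage aid rather than an alert, while the download-then-SMTP pairing in `find_suspect_chains` is the stronger signal and is the one to wire to an alert.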
