
Cybercrime: AgentTesla now uses banks in Turkey as bait

AgentTesla now uses banks in Turkey as bait. The email attachment “12790429914_20221122_05373027_HesapOzeti.7z” contains an exe file: the malware. Stolen data is exfiltrated via SMTP.

The new AgentTesla campaign uses banks in Turkey as bait. A fake email from Isbank notifies the user that they can change their preferences for accessing the account and online services, and claims that the related statement is attached to the message.

The “12790429914_20221122_05373027_HesapOzeti.7z” attachment, however, contains an exe file: the malware. The stolen data is then exfiltrated via SMTP.

Moreover, as in recent campaigns of this type, the real sender is a previously compromised machinery company.

AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
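Because the stolen data leaves over SMTP, one detection angle is a workstation process that opens SMTP connections without being an approved mail client. The Python code below is an added example, not part of the original article; the event fields, host names, file paths and allow-list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# Assumption: mail clients approved in this environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: user-writable paths where an unpacked attachment typically runs.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")

# Constructed sample events; field names are hypothetical, not a real product schema.
SAMPLE_EVENTS = r"""host,image,dest_ip,dest_port
WS-014,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,198.51.100.10,587
WS-014,C:\Users\a.user\AppData\Local\Temp\statement.exe,198.51.100.25,587
WS-014,C:\Users\a.user\AppData\Local\Temp\statement.exe,198.51.100.25,587
WS-022,C:\Users\b.user\Downloads\outlook.exe,203.0.113.7,465
WS-031,C:\Program Files\Mozilla Firefox\firefox.exe,192.0.2.44,443
WS-031,C:\Tools\backup\notify.exe,198.51.100.10,25
"""


def in_user_writable(image):
    return any(part in image.lower() for part in USER_WRITABLE)


def is_approved_client(image):
    # A trusted file name alone is not enough: a copy of "outlook.exe"
    # running from Downloads or Temp is treated as untrusted.
    name = image.rsplit("\\", 1)[-1].lower()
    return name in MAIL_CLIENTS and not in_user_writable(image)


def find_smtp_anomalies(events_csv):
    """Return sorted (host, image, destinations, severity) for unapproved SMTP talkers."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(events_csv)):
        port = int(row["dest_port"])
        if port in SMTP_PORTS and not is_approved_client(row["image"]):
            hits[(row["host"], row["image"])].add(f"{row['dest_ip']}:{port}")
    return sorted(
        (host, image, sorted(dests), "high" if in_user_writable(image) else "medium")
        for (host, image), dests in hits.items()
    )


if __name__ == "__main__":
    for finding in find_smtp_anomalies(SAMPLE_EVENTS):
        print(finding)
```

Blocking outbound SMTP from workstations to anything other than the organisation's own mail relay removes this exfiltration path outright and turns the same events into high-confidence alerts.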
