AhnLab cybersecurity researchers: The malware is downloaded and executed from a WSF file within a compressed file, delivered via URL in phishing emails.
An “Order Proposal Request” spreads AgentTesla in Italy
An “Order Proposal Request” sent via email is the bait of a new AgentTesla campaign, which has arrived in Italy. This was discovered by cybersecurity researcher and malware hunter, JAMESWT.
The compressed attachment contains an exe file: the malware. The stolen data is exfiltrated via SMTP to an email address.
Through its keylogger function, AgentTesla can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can carry out commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.