
Cybercrime, beauty products are the new vehicle for AgentTesla

Beauty products are the new vehicle for AgentTesla. The .rar attachment in a fake email impersonating a real UK company contains an .exe: the malware. The stolen data is exfiltrated via FTP to a domain in Iran.

Beauty products are the new vehicle for AgentTesla. A fake email impersonating a real UK company in the sector, sent from a lookalike domain that differs from the legitimate one by a single character (@pbs.beauty.com instead of @pbs-beauty.com), asks the potential victim to purchase a list of products, supposedly detailed in a .rar attachment.
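
The sender-domain trick described above (a dot swapped for a hyphen) is easy to miss by eye but easy to catch mechanically. The following is an added example, not code from the original article: given a list of trusted partner domains (assumed here to be maintained by the defender), it flags sender domains that collapse to the same string once dots and hyphens are removed, or that are otherwise near-identical to a trusted domain. The sample sender addresses are constructed for illustration; only the two domains quoted in the article come from the page.

```python
import re
from difflib import SequenceMatcher

# Assumed: the defender keeps a list of legitimate partner domains.
TRUSTED_DOMAINS = {"pbs-beauty.com"}

# Constructed sample senders (illustrative, not from the article's mail logs).
SAMPLE_SENDERS = [
    "orders@pbs-beauty.com",   # legitimate partner
    "orders@pbs.beauty.com",   # lookalike: hyphen replaced by a dot
    "sales@pbs-beauty.co",     # lookalike: truncated TLD
    "info@example.org",        # unrelated third party
]


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def _strip_separators(domain: str) -> str:
    """Collapse dots and hyphens so 'pbs.beauty.com' and 'pbs-beauty.com' compare equal."""
    return re.sub(r"[.\-]", "", domain.lower())


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, threshold: float = 0.85) -> str:
    """Classify a sender as 'trusted', 'lookalike' or 'unrelated'.

    A domain is a lookalike when it is not itself trusted but either
    (a) equals a trusted domain after separator collapsing, or
    (b) is within a high similarity ratio of one (catches truncated TLDs,
        single-character substitutions and similar near-misses).
    """
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    flat = _strip_separators(domain)
    for good in trusted:
        if flat == _strip_separators(good):
            return "lookalike"
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            return "lookalike"
    return "unrelated"


def scan_senders(addresses=SAMPLE_SENDERS) -> dict:
    """Map each sender address to its classification."""
    return {addr: classify_sender(addr) for addr in addresses}


if __name__ == "__main__":
    for addr, verdict in scan_senders().items():
        print(f"{verdict:10s} {addr}")
```

Separator collapsing is deliberately strict (exact match after stripping), while the similarity ratio is a looser net for other one-character deviations; tune the threshold against your own partner list, since short domains produce high ratios for unrelated names more readily than long ones.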


The archive actually contains an .exe file: the malware itself. The stolen data is exfiltrated via FTP to a domain in Iran.


AgentTesla, through its keylogger function, captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it accepts remote commands on the infected PC, such as downloading additional payloads or updating the ones already installed.
