Technical analysis by the malware hunter JAMESWT
A fake DHL email delivers the new Agent Tesla campaign. The gz attachment contains a zip: the malware itself. Stolen data is exfiltrated via SMTP.
A fake DHL email delivers a new Agent Tesla campaign. The message's gz attachment contains a bat file, which in turn contains a zip: the malware itself. Opening it triggers the infection chain. The stolen data is then exfiltrated via SMTP.
Agent Tesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.
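For mail-gateway or analyst triage, the attachment layering described above (gz, then a bat file carrying a zip) can be flagged without running anything. The following is an added example, not code from the original analysis; the function names, the size cap, the script-extension list and the sample file names are assumptions made for illustration.

```python
import gzip
import io
import zipfile

SCRIPT_EXTS = (".bat", ".cmd")    # assumption: extensions treated as scripts
MAX_INNER = 32 * 1024 * 1024      # assumption: cap on decompressed bytes read

def gzip_inner_name(data: bytes) -> str:
    """Return the original file name stored in the gzip header (FNAME), or ''."""
    if data[:2] != b"\x1f\x8b" or not data[3] & 0x08:
        return ""
    pos = 10                      # fixed-size part of the gzip header
    if data[3] & 0x04:            # FEXTRA present: skip the extra field
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    return data[pos:data.index(b"\x00", pos)].decode("latin-1")

def triage_gz(data: bytes) -> dict:
    """Statically inspect a .gz attachment for a script that carries a zip."""
    name = gzip_inner_name(data)
    # Bounded read so a decompression bomb cannot exhaust memory.
    inner = gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_INNER)
    report = {"inner_name": name, "zip_members": [],
              "is_script": name.lower().endswith(SCRIPT_EXTS)}
    start = inner.find(b"PK\x03\x04")          # zip local-file-header magic
    if start != -1:
        try:
            with zipfile.ZipFile(io.BytesIO(inner[start:])) as zf:
                report["zip_members"] = zf.namelist()
        except zipfile.BadZipFile:
            pass                               # magic bytes only, not an archive
    report["suspicious"] = report["is_script"] and bool(report["zip_members"])
    return report

def build_sample() -> bytes:
    """Constructed, harmless sample: a .bat with a zip appended, inside a .gz."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("payload.bin", b"constructed placeholder, not malware")
    bat = b"@echo off\r\nrem constructed sample\r\n" + zbuf.getvalue()
    out = io.BytesIO()
    with gzip.GzipFile(filename="DHL_invoice.bat", mode="wb", fileobj=out) as gz:
        gz.write(bat)
    return out.getvalue()

if __name__ == "__main__":
    print(triage_gz(build_sample()))
```

A hit here is a reason to quarantine and inspect the attachment, not a family identification; attributing a sample to Agent Tesla still requires analysis of the payload itself.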