
Cybercrime, fake Swift payment spreads AgentTesla

Technical analysis by the Malware Hunter JAMESWT

A fake Swift payment notice spreads AgentTesla. The email's xlsx attachment exploits CVE-2017-11882 to contact a URL and download an exe, which is the malware itself. Stolen data is exfiltrated via Telegram.

A fake Swift payment notice is the lure for a new AgentTesla campaign.


The email's xlsx attachment exploits CVE-2017-11882 to contact a URL and download an exe, which is the malware itself. The stolen data is then exfiltrated via Telegram.
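Added example, not code from the original article or from the analyst: a small Python detection routine, written from the defender's side, for the infection chain and exfiltration channel described above. It encodes observations a SOC can check in endpoint telemetry: CVE-2017-11882 is a flaw in the Office Equation Editor component (EQNEDT32.EXE), which has no legitimate reason to spawn child processes or open network connections, and AgentTesla's Telegram exfiltration uses the Bot API host api.telegram.org, so a connection to that host from anything other than the Telegram desktop client deserves an alert. The key=value log format, the sample events, the process paths and the 203.0.113.10 address are all constructed for this example and are not from the campaign.

```python
import re

# Constructed log format (assumption: a simple key=value line per event, not any
# real EDR product's schema). Fields used: event, image, parent, dest.
SAMPLE_EVENTS = [
    r"ts=2024-01-01T10:00:01 event=process image=C:\Program Files\Microsoft Office\Office16\EXCEL.EXE parent=C:\Windows\explorer.exe",
    # Equation Editor is started out-of-process when the OLE object is loaded.
    r"ts=2024-01-01T10:00:02 event=process image=C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE parent=C:\Windows\System32\svchost.exe",
    # Exploit payload contacts the download URL (placeholder address).
    r"ts=2024-01-01T10:00:03 event=network image=C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE dest=203.0.113.10:80",
    # Downloaded executable is launched by the exploited component.
    r"ts=2024-01-01T10:00:04 event=process image=C:\Users\user\AppData\Roaming\invoice.exe parent=C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
    # Stealer exfiltrates through the Telegram Bot API.
    r"ts=2024-01-01T10:00:05 event=network image=C:\Users\user\AppData\Roaming\invoice.exe dest=api.telegram.org:443",
    # Benign: the real Telegram client talking to the same host must not alert.
    r"ts=2024-01-01T10:00:06 event=network image=C:\Program Files\Telegram Desktop\Telegram.exe dest=api.telegram.org:443",
]

# Processes that are expected to talk to api.telegram.org (assumption: site allowlist).
TELEGRAM_ALLOWLIST = {"telegram.exe"}
EQUATION_EDITOR = "eqnedt32.exe"
TELEGRAM_API_HOST = "api.telegram.org"

# Splits "k=v k2=v2" where values may contain spaces (Windows paths).
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line: str) -> dict:
    """Parse one constructed key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines) -> list:
    """Return (rule, detail) tuples for events matching the AgentTesla chain."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        image = basename(ev.get("image", ""))
        if ev.get("event") == "process":
            # Rule 1: Equation Editor never needs to spawn anything.
            if basename(ev.get("parent", "")) == EQUATION_EDITOR:
                alerts.append(("equation-editor-child", ev["image"]))
        elif ev.get("event") == "network":
            dest = ev.get("dest", "")
            host = dest.rsplit(":", 1)[0].lower()
            # Rule 2: Equation Editor never needs network access.
            if image == EQUATION_EDITOR:
                alerts.append(("equation-editor-network", dest))
            # Rule 3: Telegram Bot API traffic from an unexpected process.
            elif host == TELEGRAM_API_HOST and image not in TELEGRAM_ALLOWLIST:
                alerts.append(("telegram-api-unexpected-process", ev["image"]))
    return alerts


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Rules 1 and 2 fire on the exploitation stage regardless of which hash the attachment has, which is why they outlive any single campaign; rule 3 is the one that catches the exfiltration stage, and its allowlist is the part that needs tuning to each environment.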

AgentTesla, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal credentials from browsers and email clients and take screenshots. Finally, its operators can remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
