Advintel cybersecurity experts: Malware operators now target exposed RDP connections to gain an initial foothold and exploit CVE-2018-8453 and CVE-2019-1069.
Technical analysis by the Malware Hunter JAMESWT
New global receipts themed Agent Tesla. The email zip attachment contains an exe file, the malware itself. This steals information and exfilters it via email
A false receipt conveys the latest global cybercrime campaign to convey Agent Tesla. The email attachment contains an exe file, the malware itself.
This, if opened, starts the chain of infection. Once inside the machine, he steals information which he then exfilters via email.
Agent Tesla, in fact, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.