Technical analysis by the Malware Hunter JAMESWT

New Agent Tesla campaign uses PayPal as a decoy. The email attachment contains an exe, the malware itself. Objective: to steal information and exfiltrate it via mail

A fake PayPal invoice is the bait of the latest global cybercrime campaign to spread Agent Tesla. The email contains a compressed attachment in Gz format, with a followable file inside.

This, if opened, activates the malware infection chain. The goal is to steal sensitive information from victims which is then exfiltrated via email.

The malware, through the keylogger function, is able to acquire everything the user types. Additionally, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.