The templates change, but the bait remains the same: a package in storage. The goal is to make the user enter sensitive data on a fake site to steal it and activate a subscription.
Cybercrime, new Agent Tesla campaign uses PayPal as bait
Technical analysis by the Malware Hunter JAMESWT
New Agent Tesla campaign uses PayPal as a decoy. The email attachment contains an exe, the malware itself. Objective: to steal information and exfiltrate it via mail
A fake PayPal invoice is the bait of the latest global cybercrime campaign to spread Agent Tesla. The email contains a compressed attachment in Gz format, with a followable file inside.
This, if opened, activates the malware infection chain. The goal is to steal sensitive information from victims which is then exfiltrated via email.
The malware, through the keylogger function, is able to acquire everything the user types. Additionally, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.