Cryptolaemus cybersecurity experts: The malware distribution process is the same used to distribute BazarLoader.
Technical analysis by the Malware Hunter JAMESWT
New Agent Tesla campaign via fake automatic invoice email. The .img attachment contains an .exe: the malware itself. Stolen data is exfiltrated via SMTP.
A fake automatic invoice notification delivers the new Agent Tesla campaign.
The compressed .img attachment contains an executable file: the malware itself. If opened, it triggers the infection chain. Once on the victim's computer, it steals information and exfiltrates it via SMTP.
Agent Tesla, through its keylogger function, captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
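As an added example (not part of the original analysis), a small Python detector that applies the two indicators described above, a disk-image attachment wrapping an executable and SMTP egress from a process that is not a mail client, to constructed telemetry lines; the JSON event format, the allow-list of mail clients and the sample addresses are assumptions.

```python
import json

# The analysis states the stolen data leaves over SMTP: watch the usual SMTP ports.
SMTP_PORTS = {25, 465, 587}
# Assumed, site-specific allow-list of processes expected to speak SMTP on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# The campaign wraps the executable in an .img; .iso is treated the same way.
IMAGE_EXTS = (".img", ".iso")
EXE_EXTS = (".exe", ".scr", ".com")


def check_event(event):
    """Return a finding string for one telemetry event, or None if it looks benign."""
    kind = event.get("type")
    if kind == "net_conn":
        proc = event.get("process", "").lower()  # normalise case before the allow-list check
        if event.get("dst_port") in SMTP_PORTS and proc not in MAIL_CLIENTS:
            return f"smtp_egress_from_non_mail_client: {proc} -> {event.get('dst_ip')}:{event['dst_port']}"
    elif kind == "email_attachment":
        name = event.get("filename", "")
        if name.lower().endswith(IMAGE_EXTS):
            exes = [f for f in event.get("contains", []) if f.lower().endswith(EXE_EXTS)]
            if exes:
                return f"disk_image_with_executable: {name} contains {', '.join(exes)}"
            return f"disk_image_attachment: {name}"
    return None


def scan(lines):
    """Scan JSON-lines telemetry and return the list of findings in input order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the whole scan
        finding = check_event(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry (assumed event schema; RFC 5737 documentation addresses).
SAMPLE_LOG = """
{"type": "email_attachment", "filename": "Invoice_0001.img", "contains": ["Invoice_0001.exe"]}
{"type": "email_attachment", "filename": "report.pdf", "contains": []}
{"type": "net_conn", "process": "OUTLOOK.EXE", "dst_ip": "203.0.113.10", "dst_port": 587}
{"type": "net_conn", "process": "Invoice_0001.exe", "dst_ip": "198.51.100.7", "dst_port": 587}
{"type": "net_conn", "process": "chrome.exe", "dst_ip": "198.51.100.8", "dst_port": 443}
"""
```

Running `scan(SAMPLE_LOG.splitlines())` yields exactly two findings: the .img that wraps an .exe, and the SMTP connection made by that same executable rather than by the mail client.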