A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, new AgentTesla campaign via beauty products
New AgentTesla campaign via beauty products. The rar attachment of an email requesting several products from China contains an exe file: the malware. The stolen data is exfiltrated via SMTP
AgentTesla goes back to hiding in the beauty products-themed malspam campaign.
The rar attachment of an email requesting several products contains an exe file: the malware. The stolen data is exfiltrated via SMTP.
However, unlike previous campaigns, the new one inserts references to an address in China instead of the UK in the text. AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
Related Posts
