BleepingComputer cybersecurity experts: threat actors are exploiting CVE-2021-20038 to execute code as the 'nobody' user on compromised appliances.
Technical analysis by malware hunter JAMESWT
New AgentTesla campaign via a “purchase enquiry” email. The RAR attachment contains an EXE, the malware itself, and the stolen data is then exfiltrated over SMTP.
A “purchase inquiry” from Oman is the vector of a new global AgentTesla campaign.
The email's RAR attachment, spotted by cybersecurity researcher cocaman, contains an EXE: the malware itself. If opened, it starts the infection chain. Once installed on the victim's computer, the data it steals is exfiltrated by the cybercrime actors over SMTP.
Agent Tesla, through its keylogger function, is able to capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it lets the operator issue commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
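As an added detection example (not from the original analysis or from JAMESWT), the script below parses an inbound message and flags the lure pattern described above: a "purchase enquiry/inquiry" subject combined with a RAR attachment, checked by file magic rather than by the declared filename alone. The sample message, addresses and the stub archive body are constructed placeholders, not artifacts from the campaign.

```python
import email
from email import policy
from email.message import EmailMessage

# RAR 4.x and RAR 5 archive signatures (first bytes of the file)
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Subject fragments used by this lure (the campaign used both spellings)
LURE_SUBJECTS = ("purchase enquiry", "purchase inquiry")


def scan_message(raw: bytes) -> dict:
    """Return findings for one raw RFC 822 message: lure subject + RAR attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    findings = {
        "lure_subject": any(k in subject for k in LURE_SUBJECTS),
        "rar_attachments": [],
        "suspicious": False,
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the magic bytes: a renamed .rar still starts with "Rar!"
        is_rar = data.startswith(RAR_MAGICS)
        if is_rar or name.lower().endswith(".rar"):
            findings["rar_attachments"].append(
                {"name": name, "magic_ok": is_rar, "size": len(data)}
            )
    # Lure subject plus an archive attachment is the pattern worth quarantining for review
    findings["suspicious"] = findings["lure_subject"] and bool(findings["rar_attachments"])
    return findings


def build_sample(with_attachment: bool = True) -> bytes:
    """Constructed sample mimicking the lure; the 'archive' is a bare RAR5 header, not malware."""
    msg = EmailMessage()
    msg["From"] = "sales@example.invalid"      # placeholder sender
    msg["To"] = "victim@example.invalid"       # placeholder recipient
    msg["Subject"] = "Purchase Enquiry - Oman"
    msg.set_content("Please see the attached enquiry.")
    if with_attachment:
        fake_rar = RAR_MAGICS[1] + b"\x00" * 32
        msg.add_attachment(fake_rar, maintype="application",
                           subtype="x-rar-compressed", filename="enquiry.rar")
    return bytes(msg)


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Extending the check to open the archive and look for an executable inside requires a RAR library (for example the third-party `rarfile` package), which is why this version stops at the archive signature.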