Advintel cybersecurity experts: Malware operators now target exposed RDP connections to gain an initial foothold and exploit CVE-2018-8453 and CVE-2019-1069.
Technical analysis by the Malware Hunter JAMESWT
New global Agent Tesla campaign via purchase orders. The zip attachment of the email contains an exe file, the malware itself. This steals information and exfilters it via SMTP
A purchase order conveys Agent Tesla’s latest global campaign. The zip attachment of the email contains an exe file, the malware itself.
This, if open, in fact activates the chain of infection. The goal is to steal sensitive information from victims which is then exfiltrated by cybercrime actors via SMTP.
Agent Tesla, through the keylogger function, is able to acquire everything the user types. Furthermore, he can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.