Advintel cybersecurity experts: Malware operators now target exposed RDP connections to gain an initial foothold and exploit CVE-2018-8453 and CVE-2019-1069.
Technical analysis by the Malware Hunter JAMESWT
The Agent Tesla campaign via purchase orders returns to the office after a day off. The email zip attachment contains an exe file, the malware itself. This steals information and exfilters it, this time via email
The global Agent Tesla campaign returns after a day off. The bait is always a fake email from a real company on a purchase order.
The compressed attachment in zip format contains an exe file, the malware itself. This, if open, activates the chain of infection. Once inside the target machine, it steals information and exfilters it, this time via email.
Agent Tesla, in fact, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.