
Cybercrime: the beauty products-themed AgentTesla campaign intensifies

The beauty products-themed AgentTesla campaign intensifies. In 3 days, as many emails arrived. The text is always the same; only the name of the attachment changes. It is a rar with an exe inside: the malware.

The beauty-themed AgentTesla campaign is intensifying. In three days, the same number of emails arrived. The text of the message is always the same; only the name of the rar attachment changes.


Inside are a real pdf file and an exe: the malware. In the latest case, the name of the attachment is “RFQ Inquiry sheet” and the data is exfiltrated via SMTP.
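The pattern described above (identical message text, a different rar attachment name each time) can be hunted for in a mailbox or gateway quarantine. The following is an added example, not code from the article: the sample messages, the lure text, the three-message threshold and every attachment name except "RFQ Inquiry sheet" are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from email import message_from_string, policy
from email.message import EmailMessage

def body_fingerprint(msg):
    """SHA-256 of the body text with case and whitespace normalized."""
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()

def rar_names(msg):
    """Lower-cased names of attachments ending in .rar (extension check only)."""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    return [n for n in names if n.endswith(".rar")]

def find_clusters(raw_messages, min_messages=3):
    """Group by body fingerprint; report groups whose rar names vary."""
    groups = defaultdict(lambda: {"ids": [], "names": set()})
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        names = rar_names(msg)
        if names:
            group = groups[body_fingerprint(msg)]
            group["ids"].append(str(msg["Message-ID"]))
            group["names"].update(names)
    return [g for g in groups.values()
            if len(g["ids"]) >= min_messages and len(g["names"]) > 1]

def sample(msg_id, body, filename):
    """Build a constructed message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["Message-ID"] = msg_id
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

LURE = "Please quote the beauty products in the attached sheet."  # constructed
SAMPLES = [  # constructed; only "RFQ Inquiry sheet" comes from the article
    sample("<1@example.test>", LURE, "RFQ Inquiry sheet.rar"),
    sample("<2@example.test>", LURE.upper(), "constructed name two.rar"),
    sample("<3@example.test>", LURE + "\n\n", "constructed name three.rar"),
    sample("<4@example.test>", "Quarterly photos attached.", "photos.rar"),
]

if __name__ == "__main__":
    for cluster in find_clusters(SAMPLES):
        print(len(cluster["ids"]), "messages:", sorted(cluster["names"]))
```

A hit is a lead for triage rather than a verdict; the archive contents still need to be inspected in a sandbox.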

AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
