
Cybercrime, the new Agent Tesla campaign passes through Taiwan

Technical analysis by the Malware Hunter JAMESWT

Agent Tesla’s new campaign uses fake emails purporting to come from a real company in Taiwan as bait. The iso and zip attachments hide the same exe file, which starts the malware infection; the malware then communicates with an SMTP server.

Agent Tesla is now being distributed through fake emails purporting to come from a Taiwanese company, which carry attachments in iso or zip format. Both containers hide the same exe file which, if opened, starts the malware infection; the malware then contacts an SMTP server to exfiltrate the data. The goal of the cybercrime campaign is to steal sensitive information from victims. Through its keylogger function the malware captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
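As an added example (not from the original article or from JAMESWT's analysis), a defender-side check that scans an email's attachments for the lure pattern described above: iso or zip containers wrapping an executable. The sample message, sender and recipient addresses and file names are constructed placeholders.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"  # DOS/PE executable header at offset 0


def executable_names_in_zip(data: bytes) -> list[str]:
    """Return zip members whose content starts with a PE header."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as fh:
                    if fh.read(2) == PE_MAGIC:
                        found.append(info.filename)
    except zipfile.BadZipFile:
        pass  # not a valid archive; nothing to report from this check
    return found


def flag_attachments(raw_eml: bytes) -> list[str]:
    """Return findings for attachments matching the iso/zip-wraps-exe lure."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".iso"):
            findings.append(f"{name}: ISO image attached (inspect for executables)")
        elif name.endswith(".zip"):
            for member in executable_names_in_zip(payload):
                findings.append(f"{name}: contains PE executable {member}")
        elif payload[:2] == PE_MAGIC:
            findings.append(f"{name}: bare PE executable attached")
    return findings


def build_sample_eml() -> bytes:
    """Constructed sample: a message carrying a zip that wraps a fake 'invoice.exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 62)  # fake PE stub, not real code
    msg = EmailMessage()
    msg["From"] = "orders@example-supplier.invalid"  # placeholder sender
    msg["To"] = "recipient@example.invalid"  # placeholder recipient
    msg["Subject"] = "Purchase order"
    msg.set_content("Please find the order attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="order.zip")
    return bytes(msg)
```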

The fake email with the iso attachment

The fake email with the zip attachment

The communication between the malware and the SMTP server

The malware family attribution
