The “Re: Our Ref: MSS Urgent Order” email bait for AgentTesla. The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API

The fake “Re: Our Ref: MSS Urgent Order” email is the latest lure in the AgentTesla campaign.

The compressed attachment contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.

AgentTesla, through the keylogger function, can capture everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.