Phishing, Malware, Threat Intelligence

Agent Tesla distributed via fraudulent bank notifications


Threat actors have launched a new phishing campaign using fraudulent bank payment notifications to facilitate the deployment of the Agent Tesla information-stealing and keylogging malware, The Hacker News reports.

Attacks involved fake bank payment emails carrying an attached archive file which, when opened, would trigger a malicious .NET-based loader that evades the Windows Antimalware Scan Interface while executing Agent Tesla, according to a report from Trustwave SpiderLabs.

"[The loader] employs methods like patching to bypass Antimalware Scan Interface (AMSI) detection and dynamically load payloads, ensuring stealthy execution and minimizing traces on disk. This loader marks a notable evolution in the deployment tactics of Agent Tesla," said Trustwave researcher Bernard Bautista.

Such a development follows a BlueVoyant report detailing TA544's exploitation of PDF documents to distribute WikiLoader malware, also known as WailingCrab, as well as a Sekoia report noting the increased utilization of the Tycoon phishing kit in adversary-in-the-middle attacks.
