
Agent Tesla RAT distributed through Quantum Builder

Zscaler ThreatLabz researchers discovered that the Agent Tesla remote access trojan is being spread using Quantum Builder in a new malware campaign involving LNK files, The Hacker News reports. The attack begins with spear-phishing emails purporting to be from a Chinese sugar supplier. These carry a GZIP attachment that eventually launches a remote HTML application (HTA); the HTA file then decrypts and executes a separate PowerShell script, which in turn retrieves Agent Tesla, the report showed. A second variant of the infection sequence, which uses a ZIP file instead of a GZIP file, was found to apply more obfuscation techniques to conceal its malicious activity. "Threat actors are continuously evolving their tactics and making use of malware builders sold on the cybercrime marketplace. This Agent Tesla campaign is the latest in a string of attacks in which Quantum Builder has been used to create malicious payloads in campaigns against various organizations," said researchers.
