Malware, Threat Intelligence

Sophisticated delivery method leveraged for novel Agent Tesla variant

Threat actors have been distributing a new Agent Tesla malware variant in attacks that use a lure file in the ZPAQ compression format, which offers better compression ratios and journaling functionality than RAR or ZIP, according to The Hacker News. Intrusions begin with an email carrying a ZPAQ file disguised as a PDF document; once opened, the archive extracts a .NET executable that has been bloated to 1 GB in size to evade detection, according to a report from G Data. Agent Tesla then exfiltrates data from almost 40 web browsers and numerous email clients.

While ZPAQ has its benefits for attackers, the format's limited software support is a drawback, noted researcher Anna Lvova. "The usage of the ZPAQ compression format raises more questions than answers. The assumptions here are that either threat actors target a specific group of people who have technical knowledge or use less widely known archive tools, or they are testing other techniques to spread malware faster and bypass security software," said Lvova.
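The two tricks described above, an archive whose extension claims it is a PDF and a dropper inflated to an oversized file, are both cheap to check for in mail-gateway or sandbox triage. The script below is an added example written for this page; it is not code from G Data, The Hacker News or SC Media. It assumes that ZPAQ archives begin with the 4-byte block signature `7kSt` from the ZPAQ specification, and that the dropper was inflated with a long run of zero bytes (the usual file-pumping approach; the article only says the file was made 1 GB). The sample files it writes are constructed stand-ins, not real malware.

```python
"""Triage helpers for the ZPAQ-lure / inflated-.NET-dropper pattern.
Added example; not the vendor's or the article's own code.
Assumptions: ZPAQ archives start with b"7kSt" (ZPAQ block signature);
the dropper is padded with zero bytes (file pumping)."""
import os
import tempfile

ZPAQ_MAGIC = b"7kSt"   # assumption: ZPAQ block-header signature
PDF_MAGIC = b"%PDF"
PE_MAGIC = b"MZ"
CHUNK = 1 << 20        # stream 1 MiB at a time so a 1 GB sample is not read into RAM

# What each claimed extension should actually contain.
EXPECTED_BY_EXT = {"pdf": "pdf", "zpaq": "zpaq", "exe": "pe", "dll": "pe"}


def sniff_type(path):
    """Identify the container by magic bytes, ignoring the filename entirely."""
    with open(path, "rb") as f:
        head = f.read(4)
    if head.startswith(ZPAQ_MAGIC):
        return "zpaq"
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if head.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def extension_mismatch(path):
    """Return (claimed, actual) when the extension lies about the content, else None."""
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    claimed = EXPECTED_BY_EXT.get(ext)
    actual = sniff_type(path)
    if claimed is None or actual == "unknown" or claimed == actual:
        return None
    return (claimed, actual)


def zero_fill_ratio(path):
    """Fraction of bytes that are 0x00, computed in one streaming pass."""
    total = zeros = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                break
            total += len(chunk)
            zeros += chunk.count(0)
    return zeros / total if total else 0.0


def looks_pumped(path, min_size=50 * 1024 * 1024, zero_threshold=0.9):
    """True for a PE that is large mainly because it is padded with zeros."""
    if sniff_type(path) != "pe":
        return False
    if os.path.getsize(path) < min_size:
        return False
    return zero_fill_ratio(path) >= zero_threshold


def triage(path, **pump_kwargs):
    """Collect findings for one file; an empty list means nothing suspicious here."""
    findings = []
    mismatch = extension_mismatch(path)
    if mismatch:
        findings.append(f"extension claims {mismatch[0]} but content is {mismatch[1]}")
    if looks_pumped(path, **pump_kwargs):
        findings.append("PE is inflated with zero padding (file pumping)")
    return findings


def build_samples(directory):
    """Write constructed stand-ins for the lure, the dropper and a benign PDF."""
    lure = os.path.join(directory, "invoice.pdf")          # ZPAQ bytes, PDF name
    with open(lure, "wb") as f:
        f.write(ZPAQ_MAGIC + b"\x01\x01" + b"constructed zpaq body")
    dropper = os.path.join(directory, "payload.exe")       # tiny PE stub + 1 MiB of zeros
    with open(dropper, "wb") as f:
        f.write(PE_MAGIC + b"\x90" * 510 + b"\x00" * (1 << 20))
    benign = os.path.join(directory, "report.pdf")
    with open(benign, "wb") as f:
        f.write(b"%PDF-1.7\n% constructed benign document\n")
    return lure, dropper, benign


def demo(min_size=1 << 20):
    """Run triage over the constructed samples; returns {filename: findings}."""
    with tempfile.TemporaryDirectory() as d:
        return {os.path.basename(p): triage(p, min_size=min_size)
                for p in build_samples(d)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["clean"])
```

The size floor is passed in as a parameter: the constructed dropper is only 1 MiB, so the demo lowers `min_size` to that, while in production the default of 50 MiB keeps ordinary installers from tripping the zero-padding check.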
