
Updated Agent Tesla variant deployed in new phishing campaign


Threat actors have launched a new phishing campaign targeting Spanish-speaking individuals with an updated Agent Tesla malware variant, Hackread reports.

Attacks begin with a fraudulent Spanish-language SWIFT transfer notification email carrying an Excel file in OLE format that abuses the CVE-2017-0199 flaw: when the file is opened, it triggers an OLE hyperlink that downloads an RTF file, according to a report from Fortinet's FortiGuard Labs.

The campaign also exploited the Microsoft Office Equation Editor remote code execution bug, tracked as CVE-2017-11882, to run arbitrary code before the new Agent Tesla variant was delivered via stealthy JPG files.
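One way a defender can triage the first stage of that chain, an Office Open XML workbook whose relationship parts point an OLE object at an external URL (the pattern behind CVE-2017-0199 abuse), is to inspect the package's `.rels` parts directly. The script below is an added example and is not code from the article or from Fortinet's report; the sample workbooks are constructed in memory, the `example.invalid` URL is a placeholder, and the check is a heuristic that does not cover legacy binary (.xls) OLE containers.

```python
"""
Triage heuristic: flag Office Open XML packages containing an OLE object
relationship with TargetMode="External" (remote OLE link, as abused in
CVE-2017-0199 style lures). Added example with constructed sample input.
"""
import io
import zipfile
from typing import List, Optional, Tuple
from xml.etree import ElementTree as ET

# Namespace and relationship type constants from the OOXML package standard.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
)
DRAWING_REL_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/drawing"
)


def find_external_ole_links(data: bytes) -> List[Tuple[str, str]]:
    """Return (rels_part, target) for every OLE-object relationship whose
    TargetMode is External. Input that is not a zip (e.g. legacy CFB .xls)
    yields an empty list rather than an exception, so callers must treat
    "no findings" as "not covered" for such files."""
    findings: List[Tuple[str, str]] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed part: skip, do not crash the scanner
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                is_ole = rel.get("Type") == OLE_REL_TYPE
                is_external = rel.get("TargetMode", "").lower() == "external"
                if is_ole and is_external:
                    findings.append((name, rel.get("Target", "")))
    return findings


def build_sample_xlsx(external_target: Optional[str]) -> bytes:
    """Construct a minimal workbook-like package with one sheet relationship
    part (constructed test data, not a real campaign sample). When
    external_target is given, the sheet also carries an external OLE link."""
    rels = [
        f'<Relationship Id="rId1" Type="{DRAWING_REL_TYPE}" '
        'Target="../drawings/drawing1.xml"/>'
    ]
    if external_target is not None:
        rels.append(
            f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" '
            f'Target="{external_target}" TargetMode="External"/>'
        )
    rels_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">' + "".join(rels) + "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        zf.writestr("xl/worksheets/_rels/sheet1.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_sample_xlsx(None)
    suspicious = build_sample_xlsx("http://example.invalid/stage2.rtf")
    print("benign   :", find_external_ole_links(benign))
    print("suspicious:", find_external_ole_links(suspicious))
```

The heuristic is intentionally narrow: it raises on the external OLE relationship itself rather than on any particular URL, so it still fires when a lure swaps hosting. Pair it with a check of whatever the link retrieves (here, an RTF) in a sandboxed pipeline rather than treating an empty result as a clean verdict.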

Aside from enabling total device hijacking, the updated Agent Tesla malware can exfiltrate sensitive data from 80 software applications, monitor Thunderbird email client usage, harvest browser cookies, saved credentials, and system information, and check whether it is operating in analysis environments such as virtual machines and sandboxes, the researchers added.
