
AgentTesla campaign engages in cybersquatting to host and deliver spyware

Researchers at Zscaler recently discovered a new spyware campaign that used a cybersquatted domain to host, distribute and control the AgentTesla keylogger. The domain's name was strikingly similar to that of Chesapeake, Virginia-based consulting and services firm Diode Technologies.

According to Zscaler, the malicious domain, diodetechs.com, was registered two months prior to the attack, and was only one letter different from Diode Technologies' legitimate domain, diodetech.com. The domain has since been suspended. Diode, whose target customer base includes corporations, government agencies, educational institutions and health-care organizations, was informed of the incident earlier this month.
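The one-letter difference between diodetechs.com and diodetech.com is exactly the kind of near-miss an edit-distance check catches. The following added example (not from the article, Zscaler or Diode Technologies) flags sender domains that sit within one edit of a domain on a protected list; the protected list and the sample mail-log domains other than the two named in the article are constructed for the demo.

```python
"""Flag sender domains that are near-misses of domains we protect.

Added example, not from the SC Media article: a Levenshtein-distance check
that catches lookalikes such as the article's diodetechs.com vs diodetech.com.
The protected list and the sample mail log below are constructed for the demo.
"""
from typing import Iterable

PROTECTED_DOMAINS = {"diodetech.com"}  # legitimate domain named in the article

# Constructed sample of "From" domains pulled from a mail gateway log.
SAMPLE_SENDER_DOMAINS = [
    "diodetech.com",      # legitimate
    "diodetechs.com",     # one inserted letter: the malicious domain from the article
    "diodetch.com",       # constructed: one deleted letter
    "d1odetech.com",      # constructed: one substituted character
    "example.org",        # unrelated
]


def levenshtein(a: str, b: str) -> int:
    """Minimum single-character edits (insert/delete/substitute) turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # deletion
                           cur[j - 1] + 1,            # insertion
                           prev[j - 1] + (ca != cb))) # substitution
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Strip subdomains and the TLD so 'mail.diodetechs.com' compares as 'diodetechs'.

    Simplified assumption: a single-label TLD; use a public-suffix list in
    production so 'example.co.uk' is handled correctly."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_lookalikes(senders: Iterable[str], protected=PROTECTED_DOMAINS,
                    max_distance: int = 1):
    """Return (sender, protected_domain, distance) for near-miss senders.

    Exact matches are skipped; only domains within max_distance edits of a
    protected domain's registrable label are reported."""
    hits = []
    for sender in senders:
        s_label = registrable_label(sender)
        for good in protected:
            if sender.lower() == good.lower():
                continue  # the real domain is not a lookalike of itself
            d = levenshtein(s_label, registrable_label(good))
            if d <= max_distance:
                hits.append((sender, good, d))
    return hits


if __name__ == "__main__":
    for sender, good, d in find_lookalikes(SAMPLE_SENDER_DOMAINS):
        print(f"lookalike: {sender} ~ {good} (distance {d})")
```

Run against the sample list, the three near-miss domains are reported and the legitimate domain and example.org are not. A threshold of one edit keeps false positives low for short labels; for longer brand names a threshold of two, or a homoglyph-aware comparison, is usually worth the extra review load.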

The campaign infected victims using socially engineered emails with attached documents that were supposedly purchase orders but actually contained malicious macros that installed the AgentTesla payload. Once installed, AgentTesla can log keystrokes, capture screenshots and exfiltrate stored passwords. The malware can also terminate various security software programs on a victim's machine and evade sandboxes and virtual environments.

Zscaler's director of security research Deepen Desai confirmed to SCMagazine.com that in one instance, a malicious email purported to come from Diode Technologies. "While we have only seen one instance, it is very likely that they were targeting Diode Technologies customers in this campaign," said Desai in emailed comments.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
