Agent Tesla Disguised as COVID-19 Vaccination Registration

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://hotforsecurity.bitdefender.com/blog/threat-actors-spread-agent-tesla-disguised-as-covid-19-vaccination-registration-25998.html
A recent phishing campaign targeting Windows machines is attempting to infect users with one of the most recent versions of the Agent Tesla remote access Trojan (RAT).

The malicious campaign, spotted by the Bitdefender Antispam Lab, tries to deliver the malicious payload under the guise of a COVID-19 vaccination schedule that comes as an attachment. Most of the attacks seem to have originated from IP addresses in Vietnam. Although telemetry shows a global dispersion of the malspam campaign, 50% of the malicious emails were directed to South Korea. The messages are designed to look like a business email asking the recipients to go over some technical issues presented in the attachment and register for the vaccine. “Attached herewith is the revised circular,” the malicious email reads. “There are some technical issues in the registration link provided in the circular yesterday. Kindly refer to the attached link. For those who had successful register earlier, kindly ignore this email.”
AgentTesla-Malspam-Campaign.jpg
Active for over seven years, Agent Tesla has been used frequently in phishing campaigns seeking to steal user credentials, passwords and sensitive information. The updated password-stealing capabilities and security-dodging techniques paired with the malware distribution-as-a-service business model have proven highly profitable. Agent Tesla’s popularity surged during the second half of 2020, with more than 46% of all global Agent Tesla reports occurring in Q4.

The malicious attachment (AC 2021 09 V1.doc) is in fact a RTF document exploiting a known Microsoft Office vulnerability. Once accessed, the document downloads Agent Tesla malware. After the malware has collected all the information from the victim’s system, it exfiltrates the credentials and other sensitive data via the SMTP protocol (email) back to an email account registered in advance by the attackers.
Click to expand...
hotforsecurity.bitdefender.com

Threat Actors Spread Agent Tesla Disguised as COVID-19 Vaccination Registration

A recent phishing campaign targeting Windows machines is attempting to infect users with one of the most recent versions of the Agent Tesla remote access Trojan (RAT).
hotforsecurity.bitdefender.com hotforsecurity.bitdefender.com
 
  • Like
  • +Reputation
Reactions: Kongo, struppigel, silversurfer and 6 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Malware News New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
Replies
1
Views
1,143
Security News
kamiloxf
K
Sandbox Breaker
    • Like
    • Applause
AWS SSM Agent can be used as a RAT
Replies
0
Views
1,040
News Archive
Sandbox Breaker
Sandbox Breaker
enaph
    • Like
    • Wow
    • +Reputation
Tesla workers shared sensitive images recorded by customer cars
Replies
6
Views
2,808
News Archive
a090
A

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top