Agent Tesla RAT Returns in COVID-19 Vax Phish - silversurfer - 22 June 21
Quote: The Agent Tesla remote access trojan (RAT) is scurrying around the internet again, this time arriving via a phishing campaign that uses a COVID-19 vaccination schedule as a lure.
Spotted by researchers at the Bitdefender Antispam Lab, the attackers are targeting Windows machines using emails with malicious attachments. The body of the mails takes a business-email approach and asks recipients to review an “issue” with vaccination registration.
“Attached herewith is the revised circular,” the malicious email reads. “There are some technical issues in the registration link provided in the circular yesterday. Kindly refer to the attached link. For those who had successful register earlier, kindly ignore this email.”
This campaign is spreading the most recent variant of Agent Tesla, a Bitdefender spokesperson told Threatpost. The Agent Tesla RAT has been around for at least seven years, beginning its run mostly as a password-stealer. However, new variants have recently emerged with new modules for better evading detection and better data theft, and it’s used frequently in phishing campaigns seeking to steal not just user credentials but also other sensitive information.
“The updated password-stealing capabilities and security-dodging techniques paired with the malware distribution-as-a-service business model have proven highly profitable,” according to the spokesperson.
Read more: Agent Tesla RAT Returns in COVID-19 Vax Phish | Threatpost