AgentTesla, a notorious information stealer, is observed spreading via CHM and PDF Files, which covertly harvest critical information from the victim’s computer.
The stealer has features including keylogging, clipboard data capture, file system access, and data transfer to a Command and Control (C&C) server.
According to CRIL, its tactical changes maintain its serious threat to organizations and allow it to continue accessing priceless data.
Due to its adaptability, it may be used to exploit a variety of attack vectors, including email attachments, malicious URLs, and document-based intrusions.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
An AgentTesla infection begins on the victim’s computer by a PowerShell script retrieved through a spam email containing a CHM file.
A lure is used in the specially designed CHM file. Based on the information in the CHM file, it appears to be aimed at people or organizations working in network engineering, telecommunications, or information technology.
This CHM file secretly downloads and runs a PowerShell script from the remote server when the user opens it. The PowerShell script conceals harmful code by using encoded binary strings.
The malicious PowerShell script drops a loader DLL file based on the .NET framework, which injects the AgentTesla payload into system executables.
In this case, this PDF uses two different strategies to spread the infection. In the first technique, the PDF triggers a PowerShell command that loads the AgentTesla malware.
The second technique shows a fake message when the PDF is accessed, and when users click the “Reload” button, a PPAM file is downloaded.
The PowerShell operations executed by this PPAM file download the AgentTesla malware.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.
Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of…
As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S.…
Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious…
MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in…
Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging…
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term…