Agent Tesla is a piece of malware well known to cybersecurity specialists. Although it has existed since 2014, it is enjoying a second wind thanks to a very sneaky phishing attack. Experts at Trustwave SpiderLabs raised the alert this week.
An attack that is difficult to detect
In practice, targets receive an email that mimics a bank payment notification. Intrigued, the victim clicks on the attached archive file to find out more. The file is named “Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz”. In reality, it hides a malicious loader, which then deploys Agent Tesla on the victim's device.
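As an added example (not code from Trustwave or from this article), the following Python shows how a mail filter could flag attachments named like the one above: an archive whose name claims a document type just before the archive suffix. The function names, the suffix and token lists, and the sample message are assumptions constructed for the illustration.

```python
import re
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage

# Archive suffixes, longest first so ".tar.gz" is matched before ".gz".
ARCHIVE_SUFFIXES = (".tar.gz", ".tgz", ".zip", ".rar", ".7z", ".gz")
# A document-type token at the end of the stem, e.g. "_pdf" in "receipt_pdf.tar.gz".
DECOY_TOKEN = re.compile(r"[._\-\s](pdf|docx?|xlsx?|jpe?g|png)$", re.IGNORECASE)


def is_decoy_archive(filename):
    """True when an archive's name claims a document type just before the archive suffix."""
    name = unicodedata.normalize("NFKC", filename).strip()  # fold full-width look-alikes
    for suffix in ARCHIVE_SUFFIXES:
        if name.lower().endswith(suffix):
            return bool(DECOY_TOKEN.search(name[: -len(suffix)]))
    return False


def flag_attachments(raw_message):
    """Return the names of attachments in a raw e-mail that look like decoy archives."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        filename = part.get_filename()  # RFC 2231-encoded non-ASCII names are decoded here
        if filename and is_decoy_archive(filename):
            flagged.append(filename)
    return flagged


def build_sample():
    """Constructed sample message: the lure name from the article plus a benign archive."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Payment notification"
    msg.set_content("Please see the attached proof of payment.")
    for name in ("Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz", "backup-2024.tar.gz"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="gzip", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

A match is a triage signal rather than a verdict: a legitimately compressed document such as `report.pdf.zip` matches too, so the result is best combined with sender reputation and content inspection.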
This malware is dangerous largely because of its ability to go unnoticed. It can bypass the Windows Antimalware Scan Interface (AMSI) and then exfiltrate personal data without arousing the suspicion of antivirus software. Note that Agent Tesla is also a keylogger, which can be very dangerous.
In a blog post published for the occasion, security researcher Bernard Bautista points out that this virus is distributed using “methods such as the application of patches to bypass the detection of the Antimalware Scan Interface (AMSI) and dynamically load payloads, ensuring stealthy execution and minimizing disk traces”.
Phishing is on the rise
This alert should be taken seriously, especially since cybercriminals now have access to very powerful phishing kits that allow them to create fake login pages resembling those of popular organizations.
Very well-known French companies are also paying the price for these phishing campaigns. We recently told you about a report from the cybersecurity company Vade, which listed 1.76 billion phishing URLs sent last year.
Six French companies appear in the top 20 most impersonated brands last year. Crédit Agricole is in third position with 11,668 URLs, followed by Orange (4th), La Banque Postale (12th), SFR (15th), OVH (17th) and Société Générale (18th).
What you need to remember:
- Agent Tesla malware is back
- It is deployed through a rather sneaky phishing attack
- This Trojan horse is installed on the target's computer and is often not detected by antivirus software