
Agent Tesla: what is this virus that goes incognito and wreaks havoc?

© Image generated by Dall-E artificial intelligence

Agent Tesla is a piece of malware well known to cybersecurity specialists. Although it has existed since 2014, this virus is enjoying a resurgence thanks to a very sneaky phishing attack. The alert was raised by Trustwave SpiderLabs experts this week.

An attack that is difficult to detect

Concretely, targets receive an email that mimics a bank payment notification. Intrigued, the victim clicks on the attached archive to find out more. That archive is named “Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz”. In reality, it hides a malicious loader, which then deploys Agent Tesla on the device.
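A mail-gateway style check for this kind of lure, added here as an illustration and not taken from the Trustwave report: it flags archive attachments whose name advertises a document type, as the “_pdf.tar.gz” name above does. The suffix list, the document keywords and the extra sample names are constructed assumptions.

```python
import re

# Archive suffixes a loader may be wrapped in; ".tar.gz" is listed before
# ".gz" so the whole compound extension is recognised first.
ARCHIVE_SUFFIXES = (".tar.gz", ".tar.bz2", ".tar.xz", ".tgz", ".zip", ".rar",
                    ".7z", ".gz", ".iso", ".img")

# Document types a lure typically pretends to be (assumed list).
DOCUMENT_HINTS = ("pdf", "doc", "docx", "xls", "xlsx", "invoice", "receipt")

def split_archive(filename: str):
    """Return (stem, archive_suffix), or (filename, None) if not an archive."""
    lower = filename.lower()
    for suffix in ARCHIVE_SUFFIXES:
        if lower.endswith(suffix):
            return filename[: -len(suffix)], suffix
    return filename, None

def classify_attachment(filename: str) -> dict:
    """Flag archives whose stem advertises a document type (e.g. '_pdf.tar.gz').

    Returns the detected archive suffix, the document hint found in the stem,
    and 'suspicious' set to True only when both are present.
    """
    stem, suffix = split_archive(filename)
    hint = None
    if suffix is not None:
        # Split the stem on spaces, ASCII and typographic dashes, underscores
        # and dots, so "dowód wpłaty_pdf" yields the token "pdf".
        tokens = re.split(r"[\s\-\u2013\u2014_.]+", stem.lower())
        for tok in tokens:
            if tok in DOCUMENT_HINTS:
                hint = tok
                break
    return {"filename": filename, "archive": suffix, "document_hint": hint,
            "suspicious": suffix is not None and hint is not None}

# Constructed sample attachment names; the first is the lure quoted above.
SAMPLES = [
    "Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz",
    "statement_march.pdf",
    "photos.zip",
    "Invoice_2024_docx.zip",
]

if __name__ == "__main__":
    for name in SAMPLES:
        result = classify_attachment(name)
        print(f"{'ALERT' if result['suspicious'] else 'ok   '} {name}")
```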

This malware is quite dangerous because of its ability to go unnoticed. It is able to bypass the Windows Antimalware Scan Interface (AMSI) and can then exfiltrate your personal data without arousing the suspicion of antivirus software. Note that Agent Tesla is also a keylogger, which makes it all the more dangerous.

In a blog post published for the occasion, security researcher Bernard Bautista points out that this virus is distributed using “methods such as patching to bypass Antimalware Scan Interface (AMSI) detection and dynamically loading payloads, ensuring stealthy execution and minimizing traces on disk”.

Phishing is on the rise

This alert should be taken seriously, especially since cybercriminals now have access to very powerful phishing kits that allow them to create fake login pages resembling those of popular organizations.

Very well-known French companies are also paying the price for these phishing campaigns. We recently told you about a report from the cybersecurity company Vade, which counted 1.76 billion phishing URLs sent last year.

It thus appears that six French companies feature in last year's top 20 most impersonated brands: Crédit Agricole in third position with 11,668 URLs, followed by Orange (4th), La Banque Postale (12th), SFR (15th), OVH (17th) and Société Générale (18th). To find more information on this study, click here.

What you need to remember:

  • Agent Tesla malware is back
  • It is deployed through a rather sneaky phishing attack
  • This Trojan is installed on the target's computer and often goes undetected by antivirus software


By Teilor Stone

Teilor Stone has been a reporter on the news desk since 2013. Before that she wrote about young adolescence and family dynamics for Styles and was the legal affairs correspondent for the Metro desk. Before joining Thesaxon, Teilor Stone worked as a staff writer at the Village Voice and a freelancer for Newsday, The Wall Street Journal, GQ and Mirabella. To get in touch, contact me through my teilor@nizhtimes.com 1-800-268-7116