Agent Tesla RAT Is Back In COVID-19 Themed Phishing Emails

The Agent Tesla remote access trojan is back with a vengeance, sniffing around the Internet again. This time, its phishing campaign is based on fake alerts about a COVID-19 vaccination schedule.

Researchers at the Bitdefender Antispam Lab say the emails are targeted at individuals who have not yet registered for vaccinations. The recipients are asked to review an “issue” with vaccination registration. The emails contain malicious attachments spreading the latest variant of Agent Tesla, a spokesperson for Bitdefender said.

The Agent Tesla RAT has mostly been used to steal passwords, but it has added new modules for evading detection more effectively and for better data theft. It has become more effective at detecting and phishing for sensitive information, researchers said.

“The updated password-stealing capabilities and security-dodging techniques paired with the malware distribution-as-a-service business model have proven highly profitable,” according to the Bitdefender spokesperson.

The malicious attachment that’s been hitting the victims lately is a .RTF document that exploits a known Microsoft Office vulnerability tracked as CVE-2017-11882. This bug can be exploited by remote actors to perform a remote code-execution (RCE) attack.

“According to a joint CISA and FBI advisory, CVE-2017-11882 was among the most exploited software vulnerabilities between 2016 and 2019,” according to Bitdefender’s post on Friday. “So it seems that bad actors are still hunting for outdated and unpatched software that can easily be compromised.”
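A mail-gateway triage check for the kind of .RTF attachment described above, as an added example that is not from the article or from Bitdefender. It assumes a fact the article does not state, namely that CVE-2017-11882 is a flaw in Microsoft Equation Editor, whose embedded objects carry the ProgID `Equation.3`; the function names are hypothetical and the sample inputs are constructed headers with no exploit content.

```python
import binascii
import re

# Assumption (not stated in the article): CVE-2017-11882 is in Microsoft
# Equation Editor, whose embedded OLE objects use the ProgID "Equation.3".
EQUATION_MARKER = b"equation."
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file signature
# Capture the hex run after \objdata. It stops at the first brace or control
# word, so heavily obfuscated RTF still needs a full parser.
OBJDATA_RE = re.compile(rb"\\objdata([^{}\\]*)", re.IGNORECASE)
OBJCLASS_RE = re.compile(rb"\\objclass\s+([^{}\\]+)", re.IGNORECASE)


def triage_rtf(data: bytes) -> dict:
    """Return triage findings for one attachment's raw bytes."""
    findings = {"is_rtf": data.lstrip()[:4].lower() == b"{\\rt",
                "embedded_objects": 0, "ole2_payloads": 0, "equation_hits": 0}
    if not findings["is_rtf"]:
        return findings
    # An explicit \objclass control word names the embedded object's class.
    for cls in OBJCLASS_RE.findall(data):
        findings["equation_hits"] += EQUATION_MARKER in cls.lower()
    for match in OBJDATA_RE.finditer(data):
        findings["embedded_objects"] += 1
        hex_text = re.sub(rb"[^0-9a-fA-F]", b"", match.group(1))
        blob = binascii.unhexlify(hex_text[: len(hex_text) // 2 * 2])
        findings["ole2_payloads"] += OLE2_MAGIC in blob
        # The OLE1 header inside objdata carries the class name in ASCII.
        findings["equation_hits"] += EQUATION_MARKER in blob.lower()
    return findings


def verdict(findings: dict) -> str:
    if not findings["is_rtf"]:
        return "not-rtf"
    if findings["equation_hits"]:
        return "quarantine"  # Equation Editor object in a mail attachment
    return "review" if findings["embedded_objects"] else "pass"


def constructed_samples():
    """Constructed inputs: object headers only, no exploit content."""
    ole1 = (bytes.fromhex("0105000002000000") + (11).to_bytes(4, "little")
            + b"Equation.3\x00" + OLE2_MAGIC)
    flagged = (b"{\\rtf1{\\object\\objemb{\\*\\objdata "
               + binascii.hexlify(ole1) + b"}}}")
    benign = b"{\\rtf1\\ansi Vaccination schedule attached.}"
    return flagged, benign
```

A hit is a reason to quarantine and inspect, not proof of exploitation; patching Office remains the fix the advisory quoted above points to.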

Once opened, the attached document downloads and executes the Agent Tesla malware, which collects information from the victim’s system and hoovers up sensitive data.

Researchers said that this method sends the victim’s credentials via the SMTP protocol to an email account that the attackers registered in advance.

About the author

CIM Team