Phishing emails are pushing a new version of a password-stealing Trojan that infects Windows PCs.
Researchers at the cybersecurity company Fortinet have detailed an updated version of a remote access trojan (RAT) that criminals use to steal sensitive information, including passwords. It also targets users of cryptocurrency wallets.
Agent Tesla, the RAT in question, first appeared in 2014. It uses a keylogger to capture whatever sensitive information the victim types on an infected machine. Fortinet's researchers have now revealed a new campaign that uses an updated version of this RAT.
The malicious emails are designed to look like business correspondence and contain links that download Agent Tesla. In one case, an email carried a Microsoft Excel attachment titled "Order Requirements and Specs." When the document's macro runs, it starts a process that downloads and executes the Trojan.
In this multi-stage attack, the criminals use several techniques to install the malware and monitor activity on the machine. These include downloading and running various PowerShell commands, as well as creating a scheduled task to disguise the installation of the malware.
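The chain just described (Excel macro, then PowerShell, then a scheduled task) is something a defender can look for in process-creation telemetry. The following Python is an added example, not code from Fortinet or from the campaign; the event fields (pid, ppid, image path, command line) and the sample events themselves are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed process-creation events, not real telemetry. They mirror the
# chain described above: an Excel document spawns PowerShell, which creates
# a scheduled task. The notepad event is benign noise.
Event = namedtuple("Event", "pid ppid image cmd")
SAMPLE_EVENTS = [
    Event(100, 1,   r"C:\Windows\explorer.exe", "explorer.exe"),
    Event(200, 100, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
          'EXCEL.EXE "Order Requirements and Specs.xlsm"'),
    Event(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          r"powershell.exe -WindowStyle Hidden -File C:\Users\Public\stage.ps1"),
    Event(400, 300, r"C:\Windows\System32\schtasks.exe",
          r"schtasks.exe /create /sc minute /mo 1 /tn OfficeUpdate /tr C:\Users\Public\upd.exe"),
    Event(500, 100, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_macro_chain(events):
    """Return (rule, pid, cmd) findings for the macro-to-scheduled-task pattern.

    Rule 1: an Office application directly spawns a shell (macro execution).
    Rule 2: schtasks /create runs with such a shell somewhere in its ancestry.
    """
    by_pid = {e.pid: e for e in events}
    findings, macro_shells = [], set()
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and image_name(parent.image) in OFFICE_APPS and image_name(e.image) in SHELLS:
            macro_shells.add(e.pid)
            findings.append(("office_spawns_shell", e.pid, e.cmd))
    for e in events:
        if image_name(e.image) != "schtasks.exe" or not re.search(r"/create\b", e.cmd, re.I):
            continue
        ancestor, hops = e.ppid, 0
        while ancestor in by_pid and hops < 32:  # hop limit guards against bad ppid data
            if ancestor in macro_shells:
                findings.append(("scheduled_task_from_macro_shell", e.pid, e.cmd))
                break
            ancestor, hops = by_pid[ancestor].ppid, hops + 1
    return findings
```

Real deployments would feed Sysmon event ID 1 or EDR process events into the same function; the two rules are deliberately narrow so that ordinary Office use does not trigger them.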
The attack can also take over a victim's bitcoin wallet: it modifies the wallet address on the victim's machine and then hijacks the crypto transfers.
Although Agent Tesla has been around since 2014, it remains effective and relatively cheap to acquire: a license costs as little as $15 on underground forums. The authors of Agent Tesla also offer 24/7 technical support, so that cybercriminals who are just starting out can learn the inner workings of cybercrime.
Phishing attacks remain prevalent, but they can be avoided with proper precautions such as using antivirus software to detect suspicious activity and treating unexpected attachments with suspicion.