Subj : Beware that bank payment notice could actually be a damaging new
To   : All
From : TechnologyDaily
Date : Thu Mar 28 2024 16:45:05

Beware that bank payment notice could actually be a damaging new malware
Date: Thu, 28 Mar 2024 16:32:13 +0000
Description: Be careful when receiving payment slips from Polish banks - they could be the Agent Tesla infostealer.

FULL STORY
======================================================================

Hackers are mailing people a never-seen-before loader designed to drop the Agent Tesla infostealer on their devices, experts have warned.

Researchers from Trustwave SpiderLabs first observed this campaign in early March 2024, detecting phishing emails that impersonate a Polish bank. The email message is dressed up as a bank payment notification and carries an archive attachment named "Bank Handlowy w Warszawie - dowód wpłaty_pdf.tar.gz" ("dowód wpłaty" is Polish for proof of payment; the "_pdf" suffix is there to make the .tar.gz look like a PDF). Opening the archive triggers the installation of the Agent Tesla infostealer.

Keylogger, screenshot grabber, infostealer

"This loader then used obfuscation to evade detection and leveraged polymorphic behavior with complex decryption methods," the researchers said. "The loader also exhibited the capability to bypass antivirus defenses and retrieved its payload using specific URLs and user agents leveraging proxies to further obfuscate traffic."

The loader can also work around the Windows Antimalware Scan Interface (AMSI), it was said, by "patching the AmsiScanBuffer function to evade malware scanning of in-memory content." Because AMSI is what lets security products inspect buffers that are decoded and executed in memory rather than written to disk, neutering that one function blinds the scanner to the payload that follows.

Finally, once Agent Tesla is decoded and executed in memory, the attackers exfiltrate the stolen data via SMTP, using what seems to be a legitimate but compromised email account belonging to a security system supplier from Turkey.

Agent Tesla is a remote access trojan (RAT) written in .NET.
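The AMSI bypass described above works by overwriting the first bytes of AmsiScanBuffer in the loaded amsi.dll with a stub that returns before any scanning happens. The check a defender wants is therefore an integrity comparison of that function's entry bytes. The following is an added example, not code from the article or from Trustwave: it compares the live prologue against a trusted baseline and names the return stubs such patches typically use. The baseline bytes, the sample patched buffers and the stub table are constructed for the example; the ctypes read of the running process assumes a Windows host and is only attempted there.

```python
"""Added example: detect an in-memory patch of amsi.dll!AmsiScanBuffer.

Loaders that "patch AmsiScanBuffer" overwrite the function's first bytes with a
stub that returns immediately, so AMSI never sees the in-memory payload. This
compares the live prologue against a trusted baseline and names known stubs.
All byte sequences below are constructed for the example.
"""
import sys

# Return stubs a loader may write over the entry point (x64 encodings).
# E_INVALIDARG (0x80070057) is the classic choice: the caller treats it as
# "scan failed", not "malware found", and runs the content anyway.
KNOWN_PATCH_STUBS = {
    "mov eax, E_INVALIDARG; ret": bytes.fromhex("b857000780c3"),
    "xor eax, eax; ret": bytes.fromhex("31c0c3"),
}

# Constructed baseline: a typical x64 AmsiScanBuffer prologue
# (mov r11,rsp / mov [r11+8],rbx / mov [r11+0x10],rsi / push rdi / sub rsp,0x70).
# In practice capture this from a trusted host running the same amsi.dll build.
BASELINE_PROLOGUE = bytes.fromhex("4c8bdc49895b0849897310574883ec70")


def classify_prologue(baseline: bytes, live: bytes) -> str:
    """Return 'clean', 'known-stub:<name>' or 'modified' for a prologue pair."""
    n = min(len(baseline), len(live))
    if n == 0:
        raise ValueError("need non-empty prologues")
    if baseline[:n] == live[:n]:
        return "clean"
    for name, stub in KNOWN_PATCH_STUBS.items():
        if live.startswith(stub):
            return f"known-stub:{name}"
    return "modified"


def first_diff_offset(baseline: bytes, live: bytes) -> int:
    """Byte offset where the two prologues first differ, or -1 if equal."""
    for i, (a, b) in enumerate(zip(baseline, live)):
        if a != b:
            return i
    return -1 if len(baseline) == len(live) else min(len(baseline), len(live))


def patch_with(stub: bytes, prologue: bytes) -> bytes:
    """Simulate what the loader does: overwrite the head of the prologue."""
    return stub + prologue[len(stub):]


def read_live_prologue(n: int = 16) -> bytes:
    """Read AmsiScanBuffer's first n bytes from this process (Windows only).
    Assumption: amsi.dll exports AmsiScanBuffer and can be loaded here."""
    if sys.platform != "win32":
        raise OSError("live check requires a Windows host")
    import ctypes
    k32 = ctypes.windll.kernel32
    k32.LoadLibraryW.restype = ctypes.c_void_p
    k32.LoadLibraryW.argtypes = [ctypes.c_wchar_p]
    k32.GetProcAddress.restype = ctypes.c_void_p
    k32.GetProcAddress.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
    mod = k32.LoadLibraryW("amsi.dll")
    if not mod:
        raise OSError("amsi.dll could not be loaded")
    addr = k32.GetProcAddress(mod, b"AmsiScanBuffer")
    if not addr:
        raise OSError("AmsiScanBuffer not exported")
    return ctypes.string_at(addr, n)


if __name__ == "__main__":
    # Offline demonstration on the constructed bytes.
    for name, stub in KNOWN_PATCH_STUBS.items():
        live = patch_with(stub, BASELINE_PROLOGUE)
        print(f"{name:28s} -> {classify_prologue(BASELINE_PROLOGUE, live)} "
              f"(first diff at +{first_diff_offset(BASELINE_PROLOGUE, live)})")
    # On a Windows host, check the real thing against the baseline.
    if sys.platform == "win32":
        print("live:", classify_prologue(BASELINE_PROLOGUE, read_live_prologue()))
```

Capture the baseline from a trusted machine with the same amsi.dll build rather than relying on the sample bytes above, and treat any "modified" result as worth a memory dump. The check is in-process and only looks at the first 16 bytes, so a loader that patches further into the function, or a different AMSI export, would be missed; it is a spot check, not a full AMSI integrity monitor.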
Different threat actor groups have been actively using it for a decade now to target victims running Microsoft Windows. Security experts deem it a versatile piece of malware with numerous features, from stealing information to logging keystrokes and grabbing screenshots. Since its release in 2014, Agent Tesla has been updated frequently and is now offered as a service, with multiple subscription packages.

The last time we heard of Agent Tesla was in December last year, when Zscaler ThreatLabz observed hackers abusing an ancient Office flaw to deploy the infostealer.

Via The Hacker News

======================================================================
Link to news story: https://www.techradar.com/pro/security/beware-that-bank-payment-notice-could-actually-be-a-damaging-new-malware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)