The malicious code labeled AgentTesla imitates the official communication of Slovak banks and tries to trick users into giving up sensitive data.
In recent weeks, Slovakia too has been hit by an extensive phishing campaign targeting bank clients. ESET identifies the malicious code as AgentTesla. Its goal is to deceive people into unknowingly downloading and installing malware on their computers. In Slovakia, the malicious code is spread via e-mails that imitate the official communication of VUB Bank, Tatra Bank and Slovenská sporiteľňa, i.e. the three largest Slovak banks.
Attachments with an inconspicuous pair of suffixes
Anyone who finds unexpected correspondence from one of the three banks in their mailbox should be wary. The received e-mail has the notification “URGENT: Copy of advice of received payment” in its subject. The message is mostly sent from the suspicious address “[email protected]”, which may at first glance resemble a government organization in Bangladesh. The attackers assume that victims will want to read the urgent correspondence, so they attach a malicious file with a double extension, .pdf.exe or .pdf.iso. This exploits the default settings of mail clients, which usually display only the first extension, .pdf.
If the user falls for it, opening the file starts the download of malicious content to the computer. The malicious code then runs on the computer and begins collecting credentials, recording keystrokes and taking screenshots. It then sends this data to the attackers' servers, where the attackers can later misuse it. “This is a very popular family of malicious code, mainly because even a less experienced attacker can buy it online and then easily use it in an attack. The fact that they are trying to imitate emails from several Slovak and other foreign banks is nothing new,” explains Ondrej Kubovič from ESET.
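A mail-filter check for the double-extension attachments described above, added here as an example (it is not code from ESET or from the original article). The extension lists, function names and the sample message are assumptions made for the illustration; the article itself names only .pdf.exe and .pdf.iso.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; the article names only .pdf.exe and .pdf.iso.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
RISKY_EXTS = {"exe", "iso", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "img"}


def double_extension(filename):
    """Return (decoy, real) if the name ends in <decoy>.<risky>, else None."""
    # Normalise case and tolerate stray whitespace or trailing dots in the name.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return None
    decoy, real = parts[-2].strip(), parts[-1].strip()
    if decoy in DECOY_EXTS and real in RISKY_EXTS:
        return decoy, real
    return None


def suspicious_attachments(raw_bytes):
    """Parse a raw RFC 5322 message and list attachments with a double extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        found = double_extension(name)
        if found:
            hits.append((name, found[1]))  # report the real (last) extension
    return hits


def build_sample(filename):
    """Constructed sample message; the addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "client@example.invalid"
    m["Subject"] = "URGENT: Copy of advice of received payment"
    m.set_content("Please see the attached payment advice.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("payment_advice.pdf.exe", "payment_advice.pdf.iso", "statement.pdf"):
        print(fn, "->", suspicious_attachments(build_sample(fn)))
```

The check works on the full filename from the MIME headers, so it sees the last extension even when the mail client shows only the first.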
Source: Pravda – Veda a technika by vat.pravda.sk.