Do not open the attachment in these emails

Researchers from the company Kaspersky have warned of a new spam campaign, in which e-mails are sent en masse with an attachment in which the Agent Tesla malware is hidden. The campaign is aimed at employees of companies, and what is unusual is that those behind it were very careful when it comes to details so that these emails can easily deceive potential victims because they look like business emails with documents attached. The attacker’s goal is to trick the recipient into opening the attachment and launching the malware.

Cybercriminals use real companies as cover: emails contain real logos and legitimate-looking signatures.

“Their English is far from perfect, so they pretend to be residents of non-English-speaking countries (Bulgaria or Malaysia, for example) to raise less suspicion,” say the researchers.

They noticed that the names of many companies are used in this campaign, so the text of the messages is changed accordingly. Sometimes they ask the company’s employees for prices for certain products listed in the attached archive, other times they ask if the specified product is in stock. Researchers say these are probably not all versions of the text that cybercriminals use to lure victims. The idea is to convince the victim to check what kind of goods the fake client is interested in.

“Cybercriminals put a lot of effort into the preparation phase, which is not typical for such mass mailing campaigns. “We have previously seen such techniques used only in targeted attacks,” the researchers say.

The only alarm from the victim’s point of view is that the sender’s address rarely matches the company name, while the sender’s name differs from the name in the signature, which is not common for legitimate business addresses. In the example provided by Kaspersky, mail is sent from the address “[email protected]”, which may be fine for a marketing mail, but “absolutely not normal for a quote request letter”.

Agent Tesla is a fairly old malware that steals confidential information and sends it to attack operators. First of all, it looks for credentials stored in various programs: browsers, e-mail clients, FTP/SCP clients, databases, remote administration tools, VPN applications, and several messengers. However, Agent Tesla is also capable of stealing data from the clipboard, recording keystrokes and taking screenshots.

Malware sends all collected information to attackers via e-mail. However, some versions of the malware can also transmit data via Telegram, or upload it to a website or FTP server.

Ideally, such malware should be stopped at an early stage, when the email reaches the corporate mail server. Although malware is not always visible to the naked eye and at first glance, mail scanners are usually capable of such tasks. For this reason, the researcher’s recommendation is to protect the server with an appropriate security solution, as well as employees’ computers, as well as their education.

Photo by Maksim Goncharenok from Pexels

Source: by

*The article has been translated based on the content of by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!