Palo Alto Networks Unit 42 discovered a malicious compiled HTML help file delivering Agent Tesla.
The attack is interesting because attackers are often looking for creative ways to deliver their payloads.
Their purpose in doing so is twofold:
- An attempt to bypass security products.
- An attempt to bypass security training.

Potential victims may have been trained to avoid documents, scripts and executables from unknown senders, but it is important to be careful with almost any file type.
Agent Tesla is well-known malware that has been around for a while.
Agent Tesla focuses on stealing sensitive information from a victim's computer and sending that information to the attacker over FTP, SMTP or HTTP.
It does this primarily via keystroke logging, screen capturing, camera recording and accessing sensitive data.
Malicious Compiled HTML Help File Delivering Agent Tesla
