Threat actors have launched a new phishing campaign targeting Spanish-speaking individuals with an updated Agent Tesla malware variant, Hackread reports.

Attacks begin with a fraudulent Spanish-language SWIFT transfer notification email containing an Excel file in OLE format that abuses the CVE-2017-0199 flaw. When opened, the file triggers an OLE hyperlink and downloads an RTF file, a report from Fortinet's FortiGuard Labs revealed.

The campaign also exploited the Microsoft Office Equation Editor remote code execution bug, tracked as CVE-2017-11882, to enable arbitrary code execution prior to the delivery of a new Agent Tesla variant via stealthy JPG files. Aside from enabling total device hijacking, the updated Agent Tesla malware also allows sensitive data exfiltration across 80 software apps, as well as the monitoring of Thunderbird email client usage, browser cookies, saved credentials, system information, and operation in analysis environments, including virtual machines and sandboxes, researchers added.
Data Security, Phishing, Email security
Updated Agent Tesla variant deployed in new phishing campaign
