Researchers have discovered that a new variant of the Agent Tesla spyware is spreading via malicious Microsoft Word documents.
This malware was first encountered in June, when it was spreading via a Microsoft Word document containing an auto-executing malicious VBA macro. When opening the document, victims were asked to “enable content,” which in fact acted as the “install” button for the Agent Tesla spyware.
Back then we told you that this threat could easily be avoided if a robust cybersecurity solution is present on every device you own. Depending on which OS your device runs, it is imperative to install an antivirus for Windows or an antivirus for Mac. Companies should also use the services of a cybersecurity firm to verify their internal network by running tests such as penetration tests and ethical hacking tests.
The new malicious documents observed in the recent campaign ask the victim to double-click a blue icon to enable a “clear view.” This action results in a POM.exe file being extracted from the embedded object, which is saved to the system’s temporary folder and executed.
Researchers analyzed this extracted object and found that the POM.exe executable is written in Visual Basic and acts as an installer for the Agent Tesla spyware.
The Agent Tesla spyware is designed to collect keystrokes, system clipboard, screenshots, and credentials from a variety of installed software.
The new malware variant has the same capabilities as the previously observed version but uses SMTPS to send the collected data to the attacker’s email box instead of HTTP POST requests. The commands used in the SMTP method include ‘Passwords Recovered’, ‘Screen Capture’ and ‘Keystrokes’, among others, and are stored in the email’s ‘Subject’ field.
To receive the stolen information, the cybercriminal registered a free Zoho email account for this campaign.
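A defender-side illustration of the exfiltration path just described, added here as an example and not taken from the original article or the researchers' analysis: a small Python detector that scans mail-gateway or proxy log lines for SMTP/SMTPS submission from hosts other than the site's mail relay, and for the Subject-field markers named above. The log format, the relay allow-list and the sample log lines are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Subject-field markers the article attributes to this Agent Tesla variant.
AGENT_TESLA_SUBJECTS = ("Passwords Recovered", "Screen Capture", "Keystrokes")

# Hosts permitted to originate mail submission traffic (assumption: site-specific allow-list).
MAIL_RELAYS = {"10.0.0.25"}
SUBMISSION_PORTS = {25, 465, 587}

# Constructed log format (assumption): "<ts> <src_ip> <dst_host> <dst_port> [subject=\"...\"]".
# The subject is only present where a mail gateway or TLS-inspecting proxy can see it.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+)(?: subject="(?P<subject>[^"]*)")?$'
)

@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reasons: List[str]

def analyze_line(line: str) -> Optional[Alert]:
    """Return an Alert if the line looks like Agent Tesla-style mail exfiltration."""
    m = LOG_RE.match(line.strip())
    if not m or int(m["port"]) not in SUBMISSION_PORTS:
        return None
    reasons = []
    # Workstations should not submit mail to the Internet directly; only the relay does.
    if m["src"] not in MAIL_RELAYS:
        reasons.append("direct mail submission from non-relay host")
    subject = (m["subject"] or "").lower()
    hits = [s for s in AGENT_TESLA_SUBJECTS if s.lower() in subject]
    if hits:
        reasons.append("Agent Tesla subject marker: " + ", ".join(hits))
    return Alert(m["ts"], m["src"], m["dst"], reasons) if reasons else None

def analyze(lines: Iterable[str]) -> List[Alert]:
    return [a for a in map(analyze_line, lines) if a is not None]

# Constructed sample log lines (not captured data).
SAMPLE_LOG = [
    '2018-08-01T10:00:01Z 10.0.0.25 mx.example.com 25 subject="Weekly report"',
    '2018-08-01T10:02:13Z 10.0.5.17 smtp.webmail.example 465 subject="Keystrokes - WS17/user"',
    '2018-08-01T10:02:45Z 10.0.5.17 smtp.webmail.example 465',
    '2018-08-01T10:03:00Z 10.0.5.18 www.example.com 443',
]
```

The second rule fires even when TLS hides the Subject, which is why the workstation-to-Internet SMTPS check is the more robust of the two.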
Remember that only a robust cybersecurity solution can protect your device from all types of unwanted or bogus spyware. The use of an active antivirus is mandatory. We strongly recommend that everyone install an antivirus for Windows or an antivirus for Mac, depending on which OS your devices run. If you are a company, please check your network integrity by hiring top cybersecurity firms to perform tests such as penetration tests and ethical hacking tests at least once a year.