An email with the subject of "POQEA inquiry for order", pretending to come from Balwinder Singh <sanjayl.sherma@gmail.com>, with a link to download a malicious Word doc delivers the Agent Tesla keylogger / Remote Access Trojan. This campaign is using malformed RTF files that exploit the Microsoft Equation Editor vulnerability CVE-2017-11882, with embedded OLE objects that call out to a remote URL to download the actual payload. All this is nothing new & we see this type of malware delivery method frequently. I really can't understand why so many recipients apparently still get infected by it. There have been numerous Windows & …
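For triage of RTF attachments like the ones described above, the following added example (not code from the original post) decodes each embedded `\objdata` group, tolerating the junk that malformed RTF scatters through the hex stream, and flags objects that reference the Equation Editor 3.0 class. The function names are hypothetical, and the sample is constructed and inert: it holds only an OLE 1.0 header and a class name, with no payload.

```python
import re

# Markers of the Equation Editor 3.0 OLE class, the component affected by CVE-2017-11882.
EQUATION_PROGID = b"equation.3"
# CLSID {0002CE02-0000-0000-C000-000000000046} in its on-disk little-endian byte order.
EQUATION_CLSID = bytes.fromhex("02ce020000000000c000000000000046")
# Anything that is not a hex digit: whole control words first, then single characters.
JUNK = re.compile(rb"\\[a-zA-Z]+-?\d* ?|[^0-9a-fA-F]")


def extract_objdata(rtf):
    """Return the decoded bytes of every \\objdata group, up to its closing brace."""
    blobs = []
    for match in re.finditer(rb"\\objdata", rtf, re.IGNORECASE):
        depth, end = 0, match.end()
        while end < len(rtf):
            ch = rtf[end:end + 1]
            if ch == b"{":
                depth += 1
            elif ch == b"}":
                if depth == 0:
                    break
                depth -= 1
            end += 1
        digits = JUNK.sub(b"", rtf[match.end():end])
        digits = digits[: len(digits) // 2 * 2]  # drop a dangling half byte
        blobs.append(bytes.fromhex(digits.decode("ascii")))
    return blobs


def flag_equation_objects(rtf):
    """List embedded objects that name the Equation Editor class."""
    findings = []
    for index, blob in enumerate(extract_objdata(rtf)):
        checks = (("progid", EQUATION_PROGID, blob.lower()),
                  ("clsid", EQUATION_CLSID, blob))
        matched = [name for name, marker, data in checks if marker in data]
        if matched:
            findings.append({"object": index, "size": len(blob), "matched": matched})
    return findings


def constructed_sample():
    # Constructed, inert sample: OLE 1.0 header and class name only, no payload.
    ole = bytes.fromhex("01050000020000000b000000") + b"Equation.3\x00" + bytes(8)
    digits = ole.hex().encode()
    # Mimic the obfuscation: a line break and a dummy nested group inside the hex.
    noisy = digits[:10] + b"\r\n" + digits[10:30] + b"{\\*\\foo123}" + digits[30:]
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + noisy + b"}}}"
```

A hit means the document embeds an Equation Editor object and deserves closer analysis; it is not by itself proof of exploitation, and a sample that hides the class name some other way will not match.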