Fake Payment receipt vbs drops njrat bladabindi downloads Agent Tesla via Sendspace.

A rather interesting malware campaign from overnight. It all starts with an email pretending to be a payment receipt that contains a .tar attachment which contains a vbs file. As per usual the email is just generic enough to entice a recipient to open …

Agent Tesla keylogger via fake Request for Quotation

Yet another Agent Tesla Keylogger / Info-stealer Trojan malware delivered via a fake Request for Quotation email with a malicious Excel XLS spreadsheet attachment using Microsoft Equation Editor Exploit CVE-2017-11882. We see dozens of this sort of ema…

Fake HSBC payment details delivers Agent Tesla

A compromised site we saw yesterday delivering Hawkeye keylogger / Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, sites and hosting companies involved i…

Fake PO Inquiry email delivers Agent Tesla Keylogger via rtf exploits

An email with the subject of POQEA inquiry for order pretending to come from Balwinder Singh <sanjayl.sherma@gmail.com> with a link to download a malicious word doc delivers Agent Tesla Keylogger / Remote Access Trojan. This campaign is u…

Agent Tesla keylogger delivered inside a Power ISO .daa archive

We never fail to be astonished by the ingenuity and attempts from malware bad actors to get their malware delivered to their intended victims. However in many cases, like this one, their attempts spectacularly backfire where such a tiny, minuscule numb…

Malspam emails overnight Monday 4 February to Tuesday 5 February 2019

Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday Morning 5th February 2019 with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari…

Who Is Agent Tesla?

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity.

Spyware Pushers Modify Equation Editor Exploit to Bypass AV Detection

In a case that shows you can teach an old exploit new tricks, a group of attackers who push information-stealing malware modified a well-known exploit in a way that it bypasses detection by most antivirus programs. The incident was reported by researc…

Fake DHL delivery notification Agent Tesla Keylogger

Yet another fake or spoofed DHL delivery notification delivering what looks like Agent Tesla keylogger. An email with the subject of “Vessel Schedule ETD:AUG 26 ,ETA:SEP 20” coming from Donald Townsend <comercial@twistermedical.com>…

Fake DHL Arrival Notice or Shipment Notice delivers malware via embedded exe files inside MP3 music files

Following on from last week with an almost identical DHL malware campaign, today I am seeing yet another email pretending to be a DHL Shipment Notification with the subject of Arrival Notice For BL – 06/08/2018 / Vessel – DHL ATLAN…
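The post above describes executables carried inside MP3 files. The scanner below is an added example, not code from the original posts or from the malware authors: it walks a carrier file for DOS `MZ` stubs and only reports those whose `e_lfanew` field (offset 0x3C) actually points at a `PE\0\0` signature, which discards the random `MZ` byte pairs that turn up in audio data. The sample "MP3" it scans is constructed inline (an ID3v2 header, a frame sync, a decoy `MZ`, then a minimal PE header) and is not a real sample; the `0x1000` upper bound on `e_lfanew` is a heuristic I chose, not a format rule.

```python
"""Find PE executables embedded in a carrier file such as an MP3 (added example)."""
import struct
import sys
from typing import Dict, List

ID3_MAGIC = b"ID3"
MZ_MAGIC = b"MZ"
PE_MAGIC = b"PE\x00\x00"
MAX_E_LFANEW = 0x1000  # heuristic: real PE headers sit close to the DOS stub


def looks_like_mp3(data: bytes) -> bool:
    """True if data starts with an ID3v2 tag or an MPEG audio frame sync (0xFFE)."""
    if data.startswith(ID3_MAGIC):
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0


def find_embedded_pe(data: bytes) -> List[Dict[str, int]]:
    """Return every offset where an 'MZ' stub's e_lfanew lands on 'PE\\0\\0'.

    Each hit records the stub offset, the PE signature offset and the
    IMAGE_FILE_HEADER.Machine value (e.g. 0x014C for i386, 0x8664 for x64).
    """
    hits = []
    pos = data.find(MZ_MAGIC)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            # An 'MZ' is only accepted when the pointer at 0x3C really reaches a PE signature.
            if 0x40 <= e_lfanew < MAX_E_LFANEW and data[pe_off:pe_off + 4] == PE_MAGIC:
                machine = struct.unpack_from("<H", data, pe_off + 4)[0]
                hits.append({"offset": pos, "pe_offset": pe_off, "machine": machine})
        pos = data.find(MZ_MAGIC, pos + 1)
    return hits


def build_sample_carrier() -> bytes:
    """Constructed test input: a fake MP3 with a decoy 'MZ' and one real PE header appended."""
    id3 = b"ID3\x03\x00\x00\x00\x00\x00\x00"             # 10-byte ID3v2.3 header, empty tag
    audio = b"\xFF\xFB\x90\x00" + b"MZ" + bytes(range(256)) * 2  # frame sync, decoy 'MZ', filler
    dos_stub = (MZ_MAGIC + b"\x00" * (0x3C - 2)
                + struct.pack("<I", 0x80)                 # e_lfanew -> PE signature at stub+0x80
                + b"\x00" * (0x80 - 0x40))
    pe_hdr = PE_MAGIC + struct.pack("<H", 0x014C) + b"\x00" * 18  # Machine = IMAGE_FILE_MACHINE_I386
    return id3 + audio + dos_stub + pe_hdr


def scan_file(path: str) -> List[Dict[str, int]]:
    """Read a file from disk and report embedded PE images inside it."""
    with open(path, "rb") as fh:
        data = fh.read()
    return find_embedded_pe(data)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_carrier()
    print("carrier looks like MP3:", looks_like_mp3(data))
    for hit in find_embedded_pe(data):
        print("embedded PE at offset 0x%x (PE sig at 0x%x, machine 0x%04x)"
              % (hit["offset"], hit["pe_offset"], hit["machine"]))
```

Run it with a suspect file as the first argument; without arguments it scans the constructed sample and reports the single embedded PE while ignoring the decoy `MZ` in the audio bytes. A hit in a file that `looks_like_mp3` is a strong signal on its own, since no legitimate audio container carries a DOS stub with a valid PE pointer.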