New Covid-Related Phishing Campaign Spreads Agent Tesla RAT

Even though a growing share of the world's population is being vaccinated against Covid-19, the global hysteria of the first half of 2020 is gradually dying down, and life is slowly returning to a semblance of normalcy, there is still enough anxiety for bad actors and hackers to pull off schemes related to the virus.

In the latest instance of Covid-themed malware campaigns, security researchers have noticed a new phishing campaign is afoot, spreading the Agent Tesla remote access Trojan (RAT). The new push to spread Agent Tesla was spotted by Romanian security researchers and uses a fake Covid vaccination plan as the lure.

The body of the malicious emails is written in a succinct, business-like manner and encourages potential victims to take action and review some sort of made-up "issue" with their vaccination registration. The email bait mentions unspecified "technical issues" and invites victims to click a link. One of the very first signs that there is something wrong with the email is that it has several grammatical and syntactic mistakes in its text, despite its relatively short length.

The Agent Tesla RAT itself is nothing new; it has been tracked by security researchers for the better part of a decade. Even though the RAT was primarily used to steal passwords in the past, its newest versions have an expanded set of malicious capabilities, including better detection avoidance and even better data scraping tools.

The malicious attachment carried in the phishing email is a rich text format (.rtf) file that abuses a fairly old vulnerability that was hugely popular with bad actors a few years ago. The vulnerability in question is tracked as CVE-2017-11882 and has long since been patched, as the 2017 year identifier in the designator suggests. However, it seems whoever is running this latest campaign is on the lookout for users who are still running outdated versions of Microsoft Office, 2007 to 2016.
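
As an added illustration (not code from the original article or from the researchers), the sketch below shows one way a mail gateway or analyst could triage .rtf attachments like the one described above. CVE-2017-11882 is a flaw in Office's legacy Equation Editor, so the code decodes each embedded \objdata payload and flags objects whose OLE header names the Equation.2 or Equation.3 ProgID. The function names, verdict strings and sample documents are constructed for this example, and the check is a heuristic, not a complete RTF parser.

```python
import re

# ProgIDs of the legacy Equation Editor OLE server, the component behind CVE-2017-11882.
EQUATION_PROGIDS = (b"equation.2", b"equation.3")
CONTROL_WORD = re.compile(rb"\\[a-zA-Z]+-?\d* ?")

def objdata_blobs(rtf: bytes):
    """Yield the decoded bytes of each \\objdata payload in an RTF document."""
    for m in re.finditer(rb"\\objdata", rtf):
        depth, end = 0, m.end()
        while end < len(rtf):  # walk to the brace that closes the objdata group
            ch = rtf[end]
            if ch == 0x7B:
                depth += 1
            elif ch == 0x7D:
                if depth == 0:
                    break
                depth -= 1
            end += 1
        body = CONTROL_WORD.sub(b"", rtf[m.end():end])
        digits = re.sub(rb"[^0-9a-fA-F]", b"", body)  # tolerate whitespace and line breaks
        digits = digits[: len(digits) & ~1]  # drop a dangling nibble
        yield bytes.fromhex(digits.decode("ascii"))

def triage_rtf(data: bytes) -> dict:
    """Flag RTF files whose embedded OLE objects name the Equation Editor."""
    result = {"is_rtf": data.lstrip()[:4] == b"{\\rt", "objects": 0, "equation_objects": 0}
    if result["is_rtf"]:
        for blob in objdata_blobs(data):
            result["objects"] += 1
            if any(progid in blob.lower() for progid in EQUATION_PROGIDS):
                result["equation_objects"] += 1
    result["verdict"] = "flag" if result["equation_objects"] else "no_match"
    return result

def build_sample(progid: bytes) -> bytes:
    """Constructed input: an RTF holding only an OLE 1.0 object header, no payload."""
    name = progid + b"\x00"
    header = bytes.fromhex("0105000002000000") + len(name).to_bytes(4, "little") + name
    hexed = header.hex().encode()
    wrapped = b"\r\n".join(hexed[i:i + 16] for i in range(0, len(hexed), 16))
    return b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata " + wrapped + b"}}}"

SAMPLE_EQUATION = build_sample(b"Equation.3")  # constructed
SAMPLE_OTHER = build_sample(b"Package")        # constructed

if __name__ == "__main__":
    print(triage_rtf(SAMPLE_EQUATION), triage_rtf(SAMPLE_OTHER))
```

A "flag" verdict is a reason to quarantine the attachment for closer analysis; "no_match" only means this one check found nothing.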

The RAT sends any information it manages to scrape from the infected system to its operators over SMTP.

As with any phishing campaign, the best way to stay safe is to never click links or open attachments contained in unsolicited emails. Bear in mind that more elaborate phishing lures composed by native speakers sometimes have perfect grammar and can even use the logos of the legitimate institutions they are trying to mimic. Being extra careful and keeping an anti-malware suite installed and updated at all times can help further reduce the risk of opening a malicious email and getting infected with malware.

June 22, 2021