There is a recent Agent Tesla phishing campaign themed around COVID-19 vaccination. The body of the email messages takes a business-like approach and asks recipients to review an “issue” with vaccination registration. This campaign is spreading the most recent variant of Agent Tesla, a Bitdefender spokesperson told Threatpost.

The Agent Tesla RAT has been around for at least seven years, beginning its run mostly as a password-stealer. However, new variants have recently emerged with new modules for better evading detection and improved data theft, and it is used frequently in phishing campaigns seeking to install other malware and steal not just user credentials but also other sensitive information. “The updated password-stealing capabilities and security-dodging techniques paired with the malware distribution-as-a-service business model have proven highly profitable,” according to the spokesperson.

In the current campaign, the malicious attachment turns out to be a .RTF document that exploits the known Microsoft Office vulnerability tracked as CVE-2017-11882, a remote code-execution (RCE) bug stemming from improper memory handling in the Equation Editor component. Once opened, the document downloads and executes the Agent Tesla malware.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is