Germany affected: espionage with the Agent Tesla stealer

Kaspersky reports a recent campaign in which cybercriminals use the Agent Tesla stealer for espionage. The malware is distributed via well-crafted spam emails. Almost 15,000 users in Germany are already affected.

Kaspersky experts have discovered a spam email campaign targeting companies worldwide using the notorious stealer Agent Tesla. To obtain the login data of the targeted organizations, the cybercriminals imitated emails from providers or contractors in detail; only the wrong sender address gave them away. The stolen credentials are offered for sale on darkweb forums or used in targeted attacks against these organizations.

Germany in 3rd place for attacked users

Country list: Germany is the 3rd most attacked country (Image: Kaspersky).

According to Kaspersky telemetry, malware activity from May to August 2022 was highest in Europe, Asia, and Latin America. Most of the attacked users were in Mexico, with 20,941 users, followed by Spain with 18,090 and Germany with 14,880.

Cybercriminals now invest considerable resources in bulk spam campaigns. The spam email campaign detected by Kaspersky, which targeted various organizations worldwide, imitated business requests from real companies so closely that the messages could only be identified by their false sender addresses. The attackers used these spam emails to spread the stealer Agent Tesla, a well-known Trojan-spy malware that can steal authentication credentials, screenshots, and data captured from web cameras and keyboards. The malware was distributed via the spam emails as a self-extracting archive.

Only the sender address gives the cybercriminals away

In one discovered case, an attacker posing as a Malaysian prospect used a strange variant of English to ask the recipient to review some customer requirements and reply with the requested documents.

Kaspersky already detected almost 750,000 attacks from March to August (Image: Kaspersky).

The general format followed corporate correspondence standards: a logo belonging to a real company and a signature with the sender's details. Overall, the request looked legitimate, and the language errors could easily be attributed to a non-native sender. Only the sender address newsletter@trade***.com, which was labeled "Newsletter" and would normally be used for news rather than procurement, indicated that the mail was not legitimate. Furthermore, the sender's domain name differed from the company name in the logo.

Classic spam with attachment

In another email, an alleged Bulgarian customer wanted to find out about the availability of some products and discuss further details. As in the previous sample, the list of desired products was supposedly in the attachment. The similarly suspicious sender address belonged to a Greek, not a Bulgarian, domain that appeared unrelated to the company whose name was misused by the spammers.
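The indicators described in the two samples above (a bulk-mail mailbox used for a procurement request, a sender domain that does not match the company named in the logo, and an archive or executable attachment) can be checked mechanically. The following is an added example, not code from Kaspersky or from the original article; the function names, the indicator lists, and all addresses and domains are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Mailbox names meant for bulk mail, not procurement (assumed list, tune locally).
ROLE_LOCALPARTS = {"newsletter", "news", "noreply", "no-reply", "marketing"}
# Attachment types worth flagging on an unsolicited request (assumed list).
RISKY_EXTENSIONS = (".exe", ".scr", ".rar", ".zip", ".7z", ".iso")


def sender_flags(raw_message, claimed_domain):
    """List which of the article's indicators apply to one raw message.

    claimed_domain: domain of the company shown in the logo or signature,
    supplied by the analyst or a supplier master-data lookup (assumption).
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    claimed = claimed_domain.lower()
    flags = []
    if local in ROLE_LOCALPARTS:
        flags.append("role-mailbox-sender")
    # Accept the claimed domain itself and its subdomains; anything else differs.
    if domain != claimed and not domain.endswith("." + claimed):
        flags.append("sender-domain-differs-from-claimed-company")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append("risky-attachment:" + name)
    return flags


def build_sample(from_header, attachment_name=None):
    """Build a constructed test message (not a real sample from the campaign)."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "sales@recipient.example"
    m["Subject"] = "Request for quotation"
    m.set_content("Please review the customer requirements and reply.")
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    spam = build_sample("Purchasing <newsletter@trade-placeholder.example>",
                        "Requirements.exe")
    print(sender_flags(spam, "acme-industries.example"))
```

A message that raises all three flags warrants quarantine and a call-back to the supplier over a known-good channel; a single flag on its own is common in legitimate mail.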

"Agent Tesla is a very popular stealer that can steal passwords and other credentials from affected organizations," said Roman Dedenok, security researcher at Kaspersky. "The malware has been known since 2014 and is often used by spammers for mass attacks. In the current campaign, however, the cybercriminals are using techniques that are typical for targeted attacks. The e-mails sent were tailored specifically to the targeted company – they can hardly be distinguished from legitimate e-mails." Kaspersky products detect the Agent Tesla stealer under the name "Trojan-PSW.MSIL.Agensla".

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/