#AgentTesla

Latest posts tagged with #AgentTesla on Bluesky

New phishing campaign delivers Agent Tesla via multi-stage, in-memory attack chain, evading detection. Stay vigilant! #CyberSecurity #Phishing #AgentTesla #Malware Link: thedailytechfeed.com/sophisticate...

Screenshot of my blog post with the files and information from this infection.

Screenshot of the email with an attached RAR archive.

The malware, extracted from the attached RAR archive.

Traffic from the infection filtered in Wireshark.

2026-02-03 (Tuesday): #GuLoader for #AgentTesla style malware with FTP data exfiltration. A #pcap of the infection traffic, associated files, and a list of indicators are available at www.malware-traffic-analysis.net/2026/02/03/i...

Original post on vmray.com

Building a Unified Front Against Infostealers with Threat Intelligence TL;DR / Fast Answer Combatting the surge of infostealers and human-operated ransomware requires more than isolated security t...

#Threat #Intelligence #AgentTesla #cti #infostealers #threat […]

5/5 Monitor for powershell.exe with a command line containing select -Skip targeting .srt files. That’s a 100% indicator of this campaign.

#CyberSecurity #AgentTesla #BlueTeam #Malware #Torrent #SOC #Infosec2025

ESET researchers have observed BlackHawk being used in spearphishing campaigns to deliver #AgentTesla, targeting hundreds of endpoints in Romanian small and medium-sized companies. 5/9

Warning: The torrent of Leonardo DiCaprio's new movie is Windows malware A torrent for the movie "One Battle After Another" installs a remote access Trojan called Agent Tesla.

⚠️Scammers are exploiting the popularity of Leonardo DiCaprio's latest film to try to infect unsuspecting PC users with malware. #OneBattleAfterAnother #AgentTesla

Cybercriminals exploit fake Leonardo DiCaprio movie torrents to spread Agent Tesla malware. Stay vigilant and avoid downloading from unverified sources. #CyberSecurity #MalwareAlert #AgentTesla Link: thedailytechfeed.com/cybercrimina...

“One Battle After Another”: Torrent hides malware in subtitles A fake torrent for Leonardo DiCaprio's film “One Battle After Another” hides malicious malware in the subtitle files. The article “One Battle After Another”: Torrent hides malware in subtitles (https://tarnkappe.info/artikel/cyberangriffe/one-battle-after-another-torrent-versteckt-malware-in-untertiteln-324191.html) first appeared on TARNKAPPE.INFO (https://tarnkappe.info).

📬 “One Battle After Another”: Torrent hides malware in subtitles

#Cyberangriffe #ITSicherheit #Warez #AgentTesla #BeniciodelToro #Bitdefender #LeonardoDiCaprio #OneBattleAfterAnother #SeanPenn

Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla

Watch out as fake torrent for DiCaprio’s “One Battle After Another” is spreading Agent Tesla malware through malicious subtitles and hidden scripts.

Read: hackread.com/dicaprio-one...

#Cybersecurity #AgentTesla #Malware #Windows #OneBattleAfterAnother

CERT-AgID summarizes the malicious campaigns in Italy from 25 to 31 October 2025, with infostealer malware and institutional phishing on the rise.

#AgentTesla #CERTAgID #Formbook
www.matricedigitale.it/2025/10/31/c...

CERT-AGID reports 25 phishing, 6 malware and 3 vulnerabilities from 13 to 19 September, with a focus on Poste, Agenzia Entrate and infostealers.

#AgentTesla #CERTAgID #malware #phishing
www.matricedigitale.it/2025/09/20/c...

Malware Analysis Chronicles: Unpacking AgentTesla Introduction Continue reading on System Weakness »

#tesla #malware #agenttesla #malware-analysis #reverse-engineering

After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4

Analysis of global cyber threats in April 2025, with FakeUpdates taking the top spot #FakeUpdates #Remcos #AgentTesla

The threat index for April 2025 has been published. FakeUpdates ranks at the top, and as cyberattacks grow more complex, effective defense strategies are needed.

Tesla Users Targeted by Dangerous New Malware: What You Should Know

Tesla has often made headlines lately, but this new problem is not connected to Elon Musk or his cars. Instead, it involves cybercriminals who are trying to steal people’s private information using a dangerous software called Agent Tesla. Here’s a clear explanation of how the attack works and what you need to stay safe.

Attackers Use Clever Tricks to Spread Malware

Researchers from Unit 42, the security team at Palo Alto Networks, have reported a new online threat. This time, hackers are sending fake emails to people, pretending that important documents like invoices or payment receipts are attached. When someone opens the file, it quietly triggers a hidden script. This script then downloads a second program called PowerShell, which runs silently from the computer’s temporary folder, making it much harder for antivirus software to detect. Once the script is active, the attack can follow one of two different paths: it either launches a .NET file or an AutoIt dropper. Depending on which one is used, different types of harmful programs are installed on the victim’s device. Although each step of the attack is simple, when combined, they make the entire process harder to spot and stop.

What is Agent Tesla?

One of the main threats delivered by this campaign is Agent Tesla. Agent Tesla is a type of malware known as a Remote Access Trojan (RAT). It allows hackers to secretly access and steal important information from an infected device. Once inside, it can gather:

1. Usernames and passwords
2. Email contacts and communication details
3. Financial data
4. Saved information from web browsers
5. Screenshots from the user’s computer
6. Information from email apps
7. Records of everything typed (keystrokes)

It can even read private email and chat messages, making it very dangerous for both individuals and businesses.

The same attack campaign was also seen using other malware like Remcos RAT and XLoader, but Agent Tesla was a major part of the operation because of its strong data theft abilities.

Be Careful With Unknown Emails

Since the attack begins with a simple email, it’s important to stay cautious. Avoid opening attachments you weren't expecting, especially if the email asks you to check a payment or invoice you do not recognize.

Tesla Users Targeted by Dangerous New Malware: What You Should Know #AgentTesla #Email #FinancialData

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader encoded with JavaScript (.JSE)

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader reconbee.com/multi-stage-...

#multistagemalware #malwareattack #JSE #PowerShell #agenttesla #XLoader #CyberSecurity #cyberattacks

2025-02-12 (Wed): #VIP_Recovery (an #AgentTesla variant) from Brazil #malspam --> zip attachment --> extracted EXE.

File name: Factura Gastos.exe

Email accounts for data exfiltration: antonipont@grupobdb[.]com --> cludsewe3@gmail[.]com

EXE available at: bazaar.abuse.ch/sample/c7620...

Screenshot of the email and the associated malware as an attached file.

Traffic from the infection filtered in Wireshark.

2025-02-07 (Friday): Today's boring example of #malpsam pushing #GuLoader for #AgentTesla style malware. EXE of this malware available at bazaar.abuse.ch/sample/833aa...

2025-01-09 (Thursday): #CVE-2017-0199 #XLS --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuiLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/i...

2025-01-09 (Thursday): Now this is more like it! Real #malspam with real #malware. Even if the infection traffic looks like it's an #Matiex or #SnakeLogger or #AgentTesla variant that exfiltrates data through api.telegram[.]org.

#AnyRun analysis of the malware EXE at: app.any.run/tasks/8ffd01...

FormBook, Rhadamanthys and AgentTesla the Most Widespread Malware in Italy Weekly summary from CERT-AgID on the most widespread phishing and malware campaigns in Italy.

#FormBook, #Rhadamanthys and #AgentTesla the most widespread #Malware in Italy.

Screenshot of the email showing a TAR archive as an email attachment.

The TAR archive and its content, a Windows EXE file for AgentTesla

An update to the Windows registry showing the malware persistent on an infected Windows host.

Traffic from an infection filtered in Wireshark to show the FTP data exfiltration traffic.

2024-12-04 (Wednesday): #AgentTesla variant using #FTP for data exfiltration. A sanitized copy of the email distributing the malware, a #pcap from an infection run, the associated malware samples, and a list of indicators are available at www.malware-traffic-analysis.net/2024/12/04/i...

2024-11-25 (Monday): My thanks to the criminals who email malware directly to my inbox. This one is #AgentTesla using #FTP for #data_exfiltration. Sends to FTP server approx every 10 minutes.

Attached disk image file: bazaar.abuse.ch/sample/7a11d...

Extracted EXE: bazaar.abuse.ch/sample/2362b...

New Phishing Campaign Uses Stealthy JPGs to Drop Agent Tesla

Spanish speakers beware! A new campaign using the Agent Tesla RAT targets Spanish-speaking individuals.
hackread.com/phishing-cam...
#CyberSecurity #AgentTesla #Malware

Online Travelers at Risk: Agent Tesla Malware Attacks Travel Industry Each day new variations in malware campaigns are observed and malware authors always try to find different ways to spread malware. Among these, one way of spreading the malware is through attachments

Online Travelers at Risk: Agent Tesla Malware Attacks Travel Industry
www.forcepoint.com/blog/x-labs/...
#Infosec #Security #Cybersecurity #CeptBiro #OnlineTravelers #Risk #AgentTesla #MalwareAttacks #TravelIndustry

agenttesla | 71b66878e07f7fd1f045ee86c04af2d1ea63717de005893b04741b0fb236bf92 | Triage Check this agenttesla report malware sample 71b66878e07f7fd1f045ee86c04af2d1ea63717de005893b04741b0fb236bf92, with a score of 10 out of 10.

#AgentTesla (dropped by #GuLoader .vbs file [1]) is using the PowerShell framework Pester [2] to enumerate the victim host and evade detections. It's also running the BitsTransfer PowerShell module in a loop to download further stages from Google Drive [3] (Viru.aaf .... subtle 😂).
