National / World

Agent Tesla malware exploiting MS Office vulnerabilities: Report

Wed, Apr 29 2020 03:03:58 PM

New Delhi, Apr 29 (IANS): As coronavirus-related hacking scams gain steam, Pune-based Quick Heal Security Labs on Wednesday said it has observed Agent Tesla malware being delivered through such malicious campaigns to steal sensitive data by capturing keystrokes, taking screenshots and dumping browser passwords.

Actors behind this campaign are capitalizing on the global coronavirus panic to distribute Agent Tesla malware and steal sensitive user information.

Agent Tesla is currently exploiting Microsoft MS office vulnerabilities, titled CVE-2017-11882 and CVE-2017-8570, as well as archives with double extension executable (ZIP, RAR etc.).

One MS Office vulnerability allows the attacker to run arbitrary code and after successful exploitation to deliver the Agent Tesla payload.

This dropped payload performs code injection in known windows process RegAsm.exe.

"The injected code in RegAsm.exe performs all info-stealing activity and sends it to the CnC server. The RTF file is highly obfuscated with several invalid control words and whitespaces," informed the research team.

The .NET payload is downloaded from CVE-2017-11882 exploit.

When the execution begins, it starts decrypting the resource section where the malicious code is stored.

Using the process-injection method, it injects its code to a genuine Microsoft file, RegAsm.exe to bypasses security products.

"The purpose of this payload is to steal sensitive data, log user keys and to send this data to the SMTP server," the Quick Heal team added.

Another MS Office vulnerability triggers the execution of scripts without user interaction. The .NET payload is downloaded by the CVE-2017-8750 exploit. The purpose of this payload is to steal sensitive data, log user keys and send data to the SMTP server.

"Quick Heal advises users to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails," the company said in a statement.

Users should also keep their Operating System updated and have a full-fledged security solution installed on all devices.

The research team said it is proactively monitoring all campaigns related to COVID-19 and working relentlessly to ensure the safety of customers.

Follow Daijiworld News Network on

Latest

BJP asks Delhi L-G to probe installation of gold-plated toilet at Kejriwal bungalow

UN chief alarmed by escalating violence in Haiti: Spokesperson

Pakistan: Suicide attack kills 12 military personnel, leaves 10 critically injured

One killed, three injured in blast at pharma company in Hyderabad

Madras HC orders CBI probe into Kallakurichi hooch tragedy

Wife entitled to enjoy same amenities as in matrimonial period during pendency of divorce petition:

Pilot confident of party's victory in Maharashtra, slams BJP over cash-for-votes scandal

National / World

Agent Tesla malware exploiting MS Office vulnerabilities: Report

Top Stories

Leave a Comment Your Email address will not be published.

Title: Agent Tesla malware exploiting MS Office vulnerabilities: Report

You might also like

Hardeep Puri heaps praise on ‘The Sabarmati Report’: Attempts were made to distort the narrative

Ranbir Kapoor, Shraddha Kapoor, Rakul, Jackky cast their votes in Mumbai

Huma Qureshi calls Shefali Shah and Rasika ‘superwomaniyas’

R. Balki: Few blockbusters happened in the last few years have actually been the worst films

Pooja Hegde gives a glimpse of ‘Thalapathy 69’ shoot in Chennai

Ananya Panday raises eyebrows with pic of Nani drinking beer

Nikkhil Advani says ‘The Crown’ served as a visual reference for ‘Freedom at Midnight’

The curious case of two Kumars: Dilip, Dileep, and their Saira Banus

Upasana stands by Ram Charan as he faces criticism for visiting Dargah

Cher reveals Gregg Allman broke up with her through a note