The attack uses an Excel document that executes malicious code by exploiting a memory corruption vulnerability in the equation editor. The infection chain begins with a complex Visual Basic Script that initiates the download of a malicious JPG file containing a Base64-encoded DLL file.

This DLL file is then injected into the Windows Assembly Registration Tool (RegAsm.exe), paving the way for the final payload: Agent Tesla, an advanced keylogger and remote access trojan (RAT). Able to silently collect sensitive information, Agent Tesla communicates with a remote C2 server to exfiltrate the stolen data.
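A defender-side check for the JPG carrier described above, as an added example that is not from the original article: it scans a file's bytes for a Base64 run that decodes to a PE image and reports whether the DLL flag is set. The article does not say where in the JPG the encoded data sits, so the scan covers the whole file; the function names, the 256-character threshold and the sample bytes are assumptions constructed here.

```python
import base64
import re
import struct

# Base64 of any buffer starting with "MZ" begins "TVo", "TVp", "TVq" or "TVr".
# The 256-character minimum run length is an assumed noise threshold.
B64_MZ = re.compile(rb"TV[opqr][A-Za-z0-9+/]{253,}")
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag


def parse_pe(blob: bytes):
    """Return the COFF Characteristics word if blob is a PE image, else None."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(blob) < e_lfanew + 24:
        return None
    return struct.unpack_from("<H", blob, e_lfanew + 22)[0]


def find_embedded_pe(data: bytes):
    """List (offset, decoded_len, is_dll) for Base64 runs that decode to a PE."""
    hits = []
    for m in B64_MZ.finditer(data):
        run = m.group()
        run = run[: len(run) - len(run) % 4]  # drop a ragged tail before decoding
        flags = parse_pe(base64.b64decode(run))
        if flags is not None:
            hits.append((m.start(), len(run) * 3 // 4, bool(flags & IMAGE_FILE_DLL)))
    return hits


def make_sample():
    """Constructed test data: a tiny JPEG-like blob followed by a fake DLL header."""
    pe = bytearray(300)
    pe[0:4] = b"MZ\x90\x00"
    struct.pack_into("<I", pe, 0x3C, 0x80)            # e_lfanew
    pe[0x80:0x84] = b"PE\x00\x00"
    struct.pack_into("<H", pe, 0x80 + 4, 0x014C)      # Machine: i386
    struct.pack_into("<H", pe, 0x80 + 22, 0x2102)     # Characteristics incl. DLL
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(32) + b"\xff\xd9"
    return jpeg, jpeg + base64.b64encode(bytes(pe))


if __name__ == "__main__":
    clean, carrier = make_sample()
    print(find_embedded_pe(clean), find_embedded_pe(carrier))
```

The reported decoded length is a lower bound, since any Base64 padding at the end of the run is ignored.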

Security researcher Kaivalya Khursale emphasizes that it is important to stay up to date to protect against such sophisticated attacks.

Source: Ferra
