Cisco Talos security experts discovered a new malware campaign that distributes a data-stealing trojan dubbed “Agent Tesla”. The Loki information stealer was also observed being distributed in the same campaign.
“Initially, Talos’ telemetry systems detected a highly suspicious document that wasn’t picked up by common antivirus solutions. However, Threat Grid, Cisco’s unified malware analysis and threat intelligence platform, identified the unknown file as malware. The adversaries behind this malware use a well-known exploit chain, but modified it in such a way so that antivirus solutions don’t detect it,” Talos stated in a recent blog post.
Talos also said that Agent Tesla can steal users’ login credentials from multiple applications, including Google Chrome, Mozilla Firefox, Microsoft Outlook and others.
The malware can “capture screenshots, record webcams, and allow attackers to install additional malware on infected systems.”