Coronavirus continues to emerge as a leading malicious theme. Since 16 March, we have observed a series of campaigns using COVID-19 or Coronavirus-themed spam emails to distribute the Agent Tesla information stealer (infostealer). While we also observed two other large campaigns distributing the Hawkeye keylogger and Predator the Thief, the majority of this report will focus only on Agent Tesla.
Agent Tesla is an easy-to-use, readily available keylogger that can capture and store keystrokes, steal credentials and information from forms, and exfiltrate data to a command and control (C2) server. Agent Tesla can also steal data from a victim’s clipboard, as well as videos and pictures from a connected camera. Threat actors can use newer versions of the malware to execute remote code and potentially download additional malware.
To find out more about this emerging threat, please download our report here: https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence–65