Published: January 28, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Wouldn’t you love to have a Tesla? Well, someone has been listening, though they didn’t quite get the details correct. Instead of that shiny new electric car, they are “electrifying” you with the .NET-based info-stealer named Agent Tesla. A new variant of the original is actively circulating around the internet again. And to remind us that no file type is immune from becoming malicious, this one uses Microsoft PowerPoint and a macro that can quickly douse the flame on anyone’s cheerful mood.
Some Fortinet researchers reported that an attachment with a PowerPoint file disguised as an invoice may show up in your email inbox. If it’s clicked, a prompt to “enable content” will appear. If that is allowed, BAM, a macro runs and you’re infected. And what do you get with that macro? Well, a keylogger, a cookie and credential stealer, a screenshot-stealing tool, and a way for all of that info you add to your clipboard from time to time to be stolen too. It’s a cornucopia of information for the hackers.
Of course, there is more… It can grab data from around 70 applications, including:
Web browsers (Chrome, Opera, Edge, Firefox, Safari, and many other less commonly used browsers), several VPN clients, FTP clients, email clients such as Outlook, Eudora, Thunderbird, and more, downloader and IM clients, as well as MySQL and Microsoft credentials.
Fortunately, you can do something to avoid this.
Keep your eye out for unsolicited links or attachments in email messages, no matter who the sender may be. If you aren’t expecting it, don’t click it.
Never enable macros on any type of document unless you know for certain what it’s going to do. If you don’t know, contact the sender and verify first.
Make sure all macros are disabled by default. If you aren’t sure how to check, ask your manager or someone working in your IT department.
Make sure your anti-malware software is updated at all times. It’s easy to keep this in check if you set it to auto-update.
Keep your cybersecurity shields up, even at the busiest times, and you can avoid getting unwanted surprises like this one.
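For whoever screens mail in your IT department, here is one way to check a PowerPoint attachment for macros before anyone opens it. This is an added example, not code from the Fortinet report or from this newsletter; the function names and the sample file built in memory are made up for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .ppt/.pps/.ppa files
MACRO_FREE_EXT = {"pptx", "ppsx", "potx"}      # extensions that should never carry VBA

def inspect_attachment(name, data):
    """Hypothetical helper: return (verdict, reasons) for attachment bytes."""
    if data[:8] == OLE_MAGIC:
        # Old binary format: needs an OLE parser, so send it for manual review.
        return "review", ["legacy Office container, macros cannot be ruled out"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office", []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office", []  # a plain zip, not an Office package
            ctypes = z.read("[Content_Types].xml").lower()
    except (zipfile.BadZipFile, RuntimeError):
        return "review", ["unreadable or encrypted package"]
    reasons = [f"VBA project part: {n}" for n in names
               if n.lower().endswith("vbaproject.bin")]
    if b"macroenabled" in ctypes:
        reasons.append("package declares itself macro-enabled")
    if reasons and name.lower().rsplit(".", 1)[-1] in MACRO_FREE_EXT:
        reasons.append("macro content behind a macro-free extension")
    return ("block" if reasons else "clean"), reasons

def build_sample(content_type, parts):
    """Build a constructed (not real) package in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override ContentType="{content_type}"/></Types>')
        for part in parts:
            z.writestr(part, b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    macro = build_sample(
        "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
        ["ppt/presentation.xml", "ppt/vbaProject.bin"])
    print(inspect_attachment("invoice.pptx", macro))
```

A "review" verdict means the file is in the older binary format, which this check cannot look inside, so it should be treated as unverified rather than safe.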