Don’t let this malware infect your computer and steal your passwords
June 9, 2021
By Kim Komando
Most phishing campaigns will try to steal your personal data or sensitive information. There is a more lucrative approach, though, as cybercriminals go after corporate and work email systems. Through the complex network of connected computers, they can target thousands at once with malware.
Business Email Compromise (BEC) scams have been around for years, but malware creators must constantly update their tools to evade detection. Antivirus software has become more sophisticated, and so have the threats it is trying to catch.
One of the most common attacks uses the Agent Tesla Remote Access Trojan (RAT), first developed seven years ago. Worryingly, researchers have now found the malware in recent breaches, adapted to mimic work emails.
Here’s the backstory
Even though many work systems have moved online, it’s not unusual to receive a Microsoft Office document attached to an email. Many office workers still share spreadsheets and Word docs to collaborate, but you may want to look at them more closely from now on.
A new variation of the Agent Tesla RAT has been discovered by FortiGuard Labs, hiding malware in email attachments. Spam emails are sent through a targeted phishing campaign, and once the attachment is opened, it downloads and executes several pieces of VBScript code.
According to FortiGuard Labs: “Agent Tesla, first discovered in late 2014, is a known spyware focused on stealing sensitive information from a victim’s device, such as saved application credentials, keyboard inputs (keylogger), etc.” It is also proficient in stealing Bitcoin address information.
Making matters worse, FortiGuard points out that Agent Tesla is commercially available for anyone to buy and use.
What you should do now
In many cases, cybercriminals will name the email attachment something that has to do with business, like “Order Requirements” or “Invoice for Purchase.” At first glance, it looks like a regular email. But the danger lurking inside is real.
The seemingly empty document contains hidden sheets and several macro functions. One of them is attached to the “Workbook_BeforeClose()” event, which means the malware payload is downloaded automatically when the spreadsheet is closed.
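As an added illustration, not code from the article or from FortiGuard, here is a small Python triage check that looks for the two traits just described in an Excel attachment: a VBA project part and sheets marked hidden. It runs against a constructed sample package; the part names follow the standard OOXML layout, and the placeholder macro content is an assumption.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample: a minimal .xlsm-style package with one visible sheet,
# one "veryHidden" sheet and a VBA project part. The vbaProject.bin content
# is a placeholder; a real one is an OLE container holding compressed source.
WORKBOOK_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
          xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
  <sheets>
    <sheet name="Order Requirements" sheetId="1" r:id="rId1"/>
    <sheet name="Sheet2" sheetId="2" state="veryHidden" r:id="rId2"/>
  </sheets>
</workbook>"""


def build_sample_xlsm(with_vba: bool = True) -> bytes:
    """Build the constructed sample package in memory (not a real malware file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", WORKBOOK_XML)
        if with_vba:
            z.writestr("xl/vbaProject.bin", b"PLACEHOLDER-VBA-PROJECT")
    return buf.getvalue()


def triage_workbook(data: bytes) -> dict:
    """Flag an OOXML workbook that carries macros together with hidden sheets."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        has_vba = "xl/vbaProject.bin" in names
        hidden = []
        if "xl/workbook.xml" in names:
            root = ET.fromstring(z.read("xl/workbook.xml"))
            # The 'state' attribute is unprefixed, so no namespace handling is needed.
            for el in root.iter():
                if el.tag.endswith("}sheet") and el.get("state") in ("hidden", "veryHidden"):
                    hidden.append((el.get("name"), el.get("state")))
    return {"has_vba": has_vba, "hidden_sheets": hidden,
            "suspicious": has_vba and bool(hidden)}


if __name__ == "__main__":
    print(triage_workbook(build_sample_xlsm()))
```

Seeing the macro source itself, such as a Workbook_BeforeClose handler, requires decompressing the VBA project (for example with the olevba tool from oletools), because vbaProject.bin does not store the code as plain text.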
The document can carry several malicious components, one of which is a Bitcoin hijacker. “It does this by continually detecting the data on the system clipboard. If it’s a valid Bitcoin address, it replaces the Bitcoin address with [the] attacker’s,” FortiGuard explains. When that happens, the Bitcoin you meant to send ends up in the attacker’s wallet.
There are several things you can do to protect yourself from BEC scams:
- Check incoming email addresses carefully, especially when they demand financial transactions. Even a single missing character could be the difference between a real email and a fake one.
- Look for recurring subject lines like “Request,” “Follow-up,” “Urgent/Important,” “Are you available?/Are you at your desk?” and others.
- Verify messages from your boss requesting money transfers, gift card purchases and any request involving sensitive company information. See them in person, or give them a call.
- Don’t click on web links or attachments in any suspicious emails. They could redirect you to a malicious site or install malware onto your computer.
https://www.komando.com/tips/cybersecurity/agent-tesla-malware/