
Phishing campaign uses PowerPoint macros to drop Agent Tesla
2021-12-13 20:49

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code.

Agent Tesla is a .NET-based info-stealer that has been circulating the internet for many years but remains a threat in the hands of phishing actors.

In June 2021, we reported on the active distribution of Agent Tesla in DHL-themed phishing campaigns that relied on the atypical WIM file attachment.

Exe, Agent Tesla can operate in the infected system file-less, so the chances of being detected drop significantly.

Agent Tesla features a keylogger, a browser cookie and saved credentials stealer, a Clipboard data sniffer, and even a screenshot tool.

If yes, it uninstalls Agent Tesla from the victim's system, including deleting all files made by Agent Tesla and removing keys from the registry that Agent Tesla created, and exits the process.


News URL

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-powerpoint-macros-to-drop-agent-tesla/

Related vendor

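| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Tesla  |          | 6          | 3   | 5      | 1    | 0        | 9           |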