A new phishing campaign has been detected that uses fake emails posing as DHL to distribute malware. These messages report a supposed problem with the delivery of a package and prompt users to download an attachment for more details. However, the file contains malware such as Agent Tesla, designed to steal credentials from common applications such as browsers and mail clients.
The goal of these emails is to infect users' devices, especially in Spain, in order to steal sensitive data and sell it or use it in future attacks. The attached malicious file often has a deceptive extension, such as PDF.img, and is actually a compressed ZIP file containing a dangerous executable. These attacks are not new, but they have resurfaced after the holiday period, taking advantage of many users' return to work.
This type of malware, such as Agent Tesla and other variants, allows cybercriminals to remotely control infected devices and access key information. Organizations and users should be especially wary of emails that include suspicious attachments, even if they appear to come from trusted sources like DHL.
To avoid falling for these scams, it is advisable to implement advanced security solutions that block these emails before they reach inboxes. In addition, it is important to carefully check the senders' domains and not to download attachments that have not been requested.
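As an added illustration (not part of the original report), the following sketch shows the kind of attachment check a mail filter could apply to the pattern described above: a document-looking double extension such as PDF.img, ZIP content hidden under a different extension, and an executable inside the archive. The function names, extension lists and sample file name are assumptions made for this example, and the sample attachment is constructed in memory.

```python
import io
import zipfile

DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
ZIP_NATIVE = {"zip", "docx", "xlsx", "pptx"}  # formats that are legitimately ZIP
ZIP_MAGIC = b"PK\x03\x04"


def triage_attachment(filename: str, data: bytes) -> list:
    """Return findings for one mail attachment (empty list = nothing flagged)."""
    findings = []
    parts = filename.lower().split(".")
    # "name.pdf.img": a document-looking extension placed before the real one.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS and parts[-1] != parts[-2]:
        findings.append(f"double extension: .{parts[-2]}.{parts[-1]}")
    if data.startswith(ZIP_MAGIC):
        # The bytes are a ZIP archive although the extension claims otherwise.
        if parts[-1] not in ZIP_NATIVE:
            findings.append(f"ZIP content under .{parts[-1]} extension")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for info in archive.infolist():
                    ext = info.filename.lower().rsplit(".", 1)[-1]
                    with archive.open(info) as member:
                        is_pe = member.read(2) == b"MZ"  # Windows PE header
                    if ext in EXEC_EXTS or is_pe:
                        findings.append(f"executable in archive: {info.filename}")
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            # Encrypted or malformed archives cannot be inspected: flag them.
            findings.append("unreadable or encrypted archive")
    return findings


def build_sample() -> bytes:
    """Constructed sample: a ZIP holding a harmless stub that only starts with 'MZ'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("DHL_shipment.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_attachment("DHL_shipment.pdf.img", build_sample()):
        print(finding)
```

Any non-empty result is a reason to quarantine the message for review; a genuine `.docx` or `.zip` without executables produces no findings.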
Source: Digital Shield
Image: Bahnfisch, CC BY-SA 3.0, via Wikimedia Commons