First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign in which threat actors leverage CVE-2017-11882 through XLAM files to spread Agent Tesla to users on vulnerable versions of Microsoft Office.
The CVE-2017-11882 vulnerability is a remote code execution flaw found in the Equation Editor of Microsoft Office. It arises due to a weakness in how the software manages system memory for objects. In this blog, Zscaler researchers examine the tactics employed by threat actors to deploy Agent Tesla malware using CVE-2017-11882.
Source: Zscaler