Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Agent Tesla’s ZPAQ Cyber Threat Evolution

November 22, 2023
Reading Time: 8 mins read
in Alerts
Agent Tesla’s ZPAQ Cyber Threat Evolution

A new iteration of the Agent Tesla malware has surfaced, employing a novel approach by utilizing the ZPAQ compression format in its latest attack strategy. This method involves the delivery of the malware through a lure file, masked as a ZPAQ-compressed PDF document, aiming to harvest data from numerous email clients and nearly 40 web browsers.

G Data malware analyst Anna Lvova underscores the advantages of ZPAQ, such as a superior compression ratio and journaling function, but notes its drawback of limited software support. This innovative attack chain begins with an email attachment, extracting a bloated .NET executable upon opening, designed to bypass traditional security measures by inflating the sample size to 1 GB.

Agent Tesla, a keylogger and remote access trojan offered as part of a malware-as-a-service model, first emerged in 2014 and is commonly employed as a first-stage payload. Typically distributed through phishing emails, recent campaigns exploit a six-year-old memory corruption vulnerability in Microsoft Office’s Equation Editor.

Lvova explains that the primary function of the unarchived .NET executable is to download and decrypt a file with a .wav extension, utilizing common file extensions to disguise the traffic and complicate detection by network security solutions.

The ultimate goal of this sophisticated attack is to infect the endpoint with Agent Tesla, obfuscated with .NET Reactor, a legitimate code protection software, with command-and-control communications established via Telegram.

This development signifies a shift in the tactics of threat actors, as they experiment with unconventional file formats for malware delivery, emphasizing the need for heightened user awareness and system maintenance.

Lvova suggests that the use of the ZPAQ compression format raises questions about whether threat actors are targeting a specific group with technical knowledge or testing alternative techniques to spread malware efficiently while evading security software. The evolving landscape of cyber threats underscores the importance of users remaining vigilant and keeping their systems updated to thwart emerging and unconventional tactics.

 

Reference:
  • New “Agent Tesla” Variant: Unusual “ZPAQ” Archive Format Delivers Malware
Tags: Agent TeslaCyber AlertCyber Alerts 2023Cyber AttacksCybersecurityKeyloggerMalwareNovember 2023RATRemote Access Trojans
ADVERTISEMENT

Related Posts

Malicious Firefox Add Ons Steal Crypto Keys

Malicious Firefox Add Ons Steal Crypto Keys

July 4, 2025
Google Removes 352 ‘IconAds’ Fraud Apps

Google Removes 352 ‘IconAds’ Fraud Apps

July 4, 2025
Browser Cache Attack Bypasses Web Security

Browser Cache Attack Bypasses Web Security

July 4, 2025
Critical Sudo Flaws Expose Linux Systems

Unkillable Mac Malware From North Korea

July 3, 2025
Critical Sudo Flaws Expose Linux Systems

PDFs Deliver QR Codes in Callback Scams

July 3, 2025
Critical Sudo Flaws Expose Linux Systems

Critical Sudo Flaws Expose Linux Systems

July 3, 2025

Latest Alerts

Google Removes 352 ‘IconAds’ Fraud Apps

Malicious Firefox Add Ons Steal Crypto Keys

Browser Cache Attack Bypasses Web Security

PDFs Deliver QR Codes in Callback Scams

Critical Sudo Flaws Expose Linux Systems

Unkillable Mac Malware From North Korea

Subscribe to our newsletter

    Latest Incidents

    Tech Incubator IdeaLab Discloses Data Breach

    Brazil’s CIEE One Exposes 248,000 Records

    McLaughlin & Stern Discloses Data Breach

    Cyberattack Hits Medtech Firm Surmodics

    Rhysida Ransomware Hits German Charity WHH

    Hacker Accesses Max Financial’s User Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial