'SIDDHIVINAYAK' Email Scam

Cybercriminals are disseminating spam emails carrying poisoned file attachments. The lure emails are presented as if coming from an automation and electrical solutions company, regarding a supposed PO (Purchase Order). According to the messages, users are supposed to review the attached file and send back a PI (likely a Purchase Invoice). However, the delivered file is just a carrier for a potent RAT (Remote Access Trojan) threat, known as Agent Tesla.

If executed on the user's system, Agent Tesla can allow the attackers to perform a wide range of invasive actions. First, the threat will maintain a remote access channel to the device. The cybercriminals can then execute remote commands, manipulate the file system, or use the threat to collect various confidential or sensitive information. Indeed, the threat actors can activate keylogging routines capturing every pressed button, extract data from browsers, email and messenger clients, VPNs, FTP clients and more.

The consequences of a RAT infection can be devastating and will depend on the particular goal of the attackers. Victims can suffer financial losses, lose access to their private or business accounts, have sensitive information leaked to third parties, etc.