CVE Tools
Back to feed
Daily CyberSecurity (securityonline.info) ·EN-US News source Exploited in the wildAgent Tesla

Inside the Stealthy Agent Tesla Infection Chain

By Do Son··4 min read
CVE Tools coverage

Attackers are using phishing emails that deliver obfuscated script-based loaders to trigger an advanced Agent Tesla infection chain, moving from attachment execution to process injection, stealthy data theft, and exfiltration with minimal user awareness. The article highlights how this modern approach shifts away from older Microsoft Office exploitation commonly associated with CVE-2017-11882, CVE-2017-0199, and CVE-2018-0802, while still referencing CVE-2023-24059 in the context of the observed threat. This matters because the reliance on in-memory payload execution, process hollowing, and anti-analysis checks can make traditional detection harder, increasing the risk of credential and session compromise.