Agent Tesla Malware Employs Multi-Stage Attacks Using PowerShell Scripts

Security researchers have identified a sophisticated malware campaign utilizing Agent Tesla variants delivered through elaborate multi-stage attack sequences. Broadcom researchers noted that these Agent Tesla variants employ particularly sophisticated obfuscation techniques, making detection increasingly challenging for conventional security tools. Researchers have identified multiple protection mechanisms that can detect various stages of this attack, including behavior-based detection of suspicious PowerShell activities and network monitoring for unexpected connections to certificate authorities. This PowerShell script serves as the delivery mechanism for the final Agent Tesla payload, which gets loaded directly into memory and injected into legitimate Windows processes to maintain persistence while evading detection. “The threat actors behind this campaign have demonstrated advanced capabilities in designing multi-stage attacks that can bypass many standard security measures,” explained the research team in their analysis. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The malware operation, discovered in mid-April 2025, leverages PowerShell scripts as a critical component in its infection chain, demonstrating increased technical complexity compared to earlier variants. Organizations should implement comprehensive security measures including email filtering, PowerShell logging, and advanced endpoint protection to mitigate these threats effectively. The emergence of these sophisticated Agent Tesla variants highlights the continuing evolution of malware delivery techniques. The modular nature of the attack allows threat actors to adapt their techniques quickly when detection measures improve. The malware utilizes process hollowing techniques to replace the code of a legitimate process with its malicious code, allowing it to operate under the guise of trusted system processes. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The infection sequence begins when users open the malicious attachment, triggering a hidden JavaScript file that initiates the attack chain.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 10:45:04 +0000

Cyber News related to Agent Tesla Malware Employs Multi-Stage Attacks Using PowerShell Scripts

Tesla 'Recalls' Two Million Cars Autopilot Risk - Elon Musk's Tesla is to 'recall' nearly every vehicle sold in the United States, after two year NHTSA investigation. Elon Musk's Tesla is having to recall nearly all its vehicles it has sold in the United States, after the US transportation safety ...
1 year ago Silicon.co.uk

Agent Tesla Malware Employs Multi-Stage Attacks Using PowerShell Scripts - Security researchers have identified a sophisticated malware campaign utilizing Agent Tesla variants delivered through elaborate multi-stage attack sequences. Broadcom researchers noted that these Agent Tesla variants employ particularly ...
2 months ago Cybersecuritynews.com

Tesla Issues Fourth Recall For Cybertruck - Most Cybertrucks in the United States are being recalled over problems with windshield wipers and exterior trim. Elon Musk's Tesla is once again having to issue a recall for thousands of its slab-sided Cybertruck vehicles due to a couple of ...
11 months ago Silicon.co.uk

Operation RusticWeb Using PowerShell Commands to filtrate Doc - Hackers use PowerShell commands because they provide a powerful scripting environment on Windows systems, allowing them to stealthily execute malicious scripts and commands called Operation RusticWeb. The PowerShell's capabilities make it an ...
1 year ago Gbhackers.com

Fake Captcha Malware Attacking Windows Users To execute PowerShell Commands - A sophisticated malware campaign is targeting Windows users through deceptive CAPTCHA verification prompts that trick victims into executing malicious PowerShell scripts. Security experts recommend implementing robust security awareness training and ...
3 months ago Cybersecuritynews.com

Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware - Attackers are exploiting a 6-year-old Microsoft Office remote code execution flaw to deliver spyware, in an email campaign weaponized by malicious Excel attachments and characterized by sophisticated evasion tactics. Threat actors dangle lures ...
1 year ago Darkreading.com CVE-2017-11882 CVE-20170-11882 Equation

Tesla Expands Market Share Lead In Norway - Tesla expands top Norwary market share to 20 percent of new cars, even as it loses position as biggest EV seller worldwide to China's BYD. Tesla has expanded its leading share of Norways' electric vehicle market as the oil-producing country seeks to ...
1 year ago Silicon.co.uk

BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian

EncryptHub A Multi-Stage Malware Compromised 600 Organizations - The multi-stage attack begins with the execution of a PowerShell command that downloads the first-stage payload: “powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -Command “Invoke-RestMethod -Uri ...
3 months ago Cybersecuritynews.com

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
1 year ago Bleepingcomputer.com

Tesla Recalls 27,00 Cybertrucks Over Rear Camera | Silicon UK - CNBC reported that Tesla said on Thursday it would recall more than 27,000 Cybertrucks due to delayed rear-view camera images that could impair driver visibility and increase crash risks. CNBC reported that Tesla said on Thursday that the ...
8 months ago Silicon.co.uk

New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload - Cyber Security News - This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass traditional detection mechanisms, demonstrating a concerning evolution in attack methodologies. eSentire’s Threat Response Unit (TRU) first ...
2 months ago Cybersecuritynews.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
11 months ago Pandasecurity.com

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
3 months ago Cybersecuritynews.com

Hackers Exploiting Old Microsoft Office RCE Flaw - It has been reported that malicious individuals are utilizing a malware called Agent Tesla to target Microsoft Office users using versions affected by CVE-2017-11882 XLAM. This malware is taking advantage of a remote code execution vulnerability in ...
1 year ago Gbhackers.com CVE-2017-11882 Equation

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com