New AgentTesla Keylogger install method – Choice.exe

We continue to see AgentTesla keylogger / Infostealer on a daily basis. The UK generally has been fairly quiet for malware over the last few months ( since Easter 2019) and we are only seeing the “commodity” malware like AgentTesla, Hawkeye, Nanocore, Lokibot etc on a very frequent basis. Over the last week or 10 days we have noticed a slight change in the delivery / install method for AgentTesla. They are using choice.exe silently to install the malware. Choice.exe is a Microsoft default file in all current Microsoft OS versions that is supposed to be used with bat files … Continue reading →

Article Link: