Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

Hackers are exploiting an old Microsoft Office vulnerability (CVE-2017-11882) to deploy the Agent Tesla malware through decoy Excel documents in phishing campaigns, Zscaler ThreatLabz reports. The concealed DLL is injected into RegAsm.exe, the Windows Assembly Registration Tool, to launch the final payload. Other discovered phishing campaigns target the hospitality sector with email messages to distribute information stealer malware such as RedLine Stealer or Vidar Stealer.