Every day new threats are discovered in the digital world, threats that can arrive in the form of SMS, , WhatsApp message, phone call or even postal mail. Some are discreet malicious campaigns, and others are so massive that they attract the attention of large companies dedicated to computer security.

Now Avast has been the company that alerts of a new malicious spam campaign that is being distributed by email in Spain with the aim of deceiving users of La , one of the largest banking entities today.

Thousands of those attacks have been sent from specific email accounts, like the ones shown in the image below:

dangerous emails

The emails sent by these accounts, active for two years, already fall into spam marked as malicious, but now there are three new waves of attacks, with peaks detected on July 21, July 26 and August 2, 2022.

The shipments are made little by little so that there is less chance of detection and blocking, although in this case three large waves have been identified, all with the subject “UNPAID”.

The emails sent have a compressed attachment, a .rar file named liqefe096543, which includes an executable version with an .exe extension.

, the real threat

If someone downloads it and runs it (yes, there are still people who fall for those traps), a malware called Guloader will be installed, capable of downloading a spyware, the AgentTeslawhich steals passwords from browsers, emails, VPN clients, FTP clients, clipboard… is also capable of acting as a keylogger, for which it records the keys pressed to send them to the criminal.

AgentTesla can also take screenshots and download more malware, so it is really dangerous.

It is recommended to delete these emails in case they have not reached spam, and always have some type of antivirus active so that the threat is identified before it is too late. When in doubt, it is better to contact La Caixa to verify if there is indeed something unpaid.