What is the “Redundancies Across The Organization” malicious email
“Redundancies Across The Organization” email is part of a new malicious email campaign that distributes the Agent Tesla RAT (Remote Access Trojan). The email falsely informs the recipient that their employment has been terminated. The email contains a malicious attachment, which users are prompted to open by the sender. If users open it, their computers become infected with a dangerous trojan that can steal personal/sensitive information.
A new malicious spam campaign is currently going around, distributing the Agent Tesla trojan. The email likely targets specific people and those whose employment information is available online. It carries an attachment, which, if opened, will result in an infection.
The email has a subject line “YOUR EMPLOYMENT STATUS”, which will immediately catch users’ attention. If the recipient opens the email, they will be greeted with an alarming message informing them of their alleged termination. The malicious email explains that because of severe tax imposition, the company the recipient is employed in is no longer able to sustain the current workforce. This has supposedly forced the company to terminate several positions in the company, including the recipient’s.
The email is supposedly sent by the company’s HR Manager. They claim that as a gesture of goodwill, the recipient will receive a three-month salary to help during the transition between jobs. The details of the payments are supposedly included in the document attached to the email. The email further explains that if the recipient has questions, they should contact the HR department using the provided email address.
If users open the attached file, they will initiate the trojan. Remote access trojans are stealthy infections that users would not immediately notice. They stay in the background to avoid detection and carry out their activities. RAT infections are controlled remotely so their malicious activities depend on the operator. What’s worse is that many different malicious actors operate the Agent Tesla RAT because developers sell its subscriptions. But no matter who is operating it, the malware can do much damage.
The Agent Tesla RAT can be used to steal highly sensitive information, such as login credentials, banking information, and payment card data. This information is immediately transferred to the trojan operators. The information can be sold on various hacker forums or used by malware operators. Users’ personal information is a very hot commodity among cybercriminals.
The fullĀ “Redundancies Across The Organization” malicious email is below:
Subject: YOUR EMPLOYMENT STATUS
Dear -,
We regret to inform you that due to a severe tax imposition on our company, we are no longer able to sustain our current workforce. As a result, we have made the difficult decision to implement redundancies across the organization.
Unfortunately, this means that we are no longer able to continue your employment with –
. Your last working days will be [30-6-2024].
We understand the impact of this decision on you, and as a gesture of goodwill, we have attached your three months’ upfront salary to assist you during this transition period. The details of your final payment are included with attached documents.
Please find attached the necessary documents regarding your redundancy and the breakdown of your final salary payment.
We appreciate your contributions to the company and regret that we have to part ways under these circumstances. Should you need any assistance or have any questions regarding your redundancy package, please do not hesitate to contact the HR department at -,
Thank you for your understanding and cooperation during this challenging time.
Sincerely,
HR Manager
If it hasn’t been made clear yet, the contents of this email are fake. If users receive this email and the company information is correct, it’s likely that malicious actors use publicly accessible information to target users.
“Redundancies Across The Organization” malicious email removal
If users did not interact with this email, they do not need to do anything because their computers were not infected. However, if they opened the email attachment, their computers were likely infected with the Agent Tesla trojan. The trojan may not be noticeable without an anti-virus program but it’s detected by many security programs. If the trojan is present, it’s essential to remove it as soon as possible. Because it’s a data-stealing trojan, once it’s been removed, users need to secure all of their accounts by changing passwords and enabling multi-factor authentication if they can still access accounts.
Agent Tesla is also detected as:
- Win32:Malware-gen by Avast/AVG
- Trojan.GenericKD.73305258 by BitDefender
- HEUR:Trojan.Win32.Makoob.gen by Kaspersky
- Trojan.GuLoader by Malwarebytes
- Trojan:Win32/GuLoader.KZLJ by Microsoft
Site Disclaimer
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.