The information stealer is called Agent Tesla and, in a new report published today, Sophos researchers explain Agent Tesla’s latest features and functionality.
Agent Tesla steals information from web browsers, email clients, virtual private network clients, and other software that stores usernames and passwords.
It can capture keystrokes while users are typing, for example entering their password, and record screenshots, so it can see what is on their screen.
The more recent version of the info-stealer can use the Telegram messaging service to communicate with its operators, and can use Tor (the anonymity network widely used on the dark web) to hide activity such as the exfiltration of stolen data. It also attempts to alter software code in order to disable security protection.
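The two communication channels described above, Telegram for operator contact and Tor for hiding exfiltration, are both things a defender can look for in endpoint network telemetry. The following is an added example and not code from the article or from the Sophos report: it runs a small detection pass over constructed process-connection events and flags Telegram Bot API traffic or local Tor SOCKS use coming from a process that would not normally generate it. The event format, the process allowlists and the sample process names are assumptions for the example; the Bot API host `api.telegram.org` and the default Tor SOCKS ports 9050 and 9150 are public facts about those services.

```python
"""Added example (not from the article or the Sophos report): flag endpoint
network events that match the channels the article attributes to recent
Agent Tesla builds, namely Telegram for operator contact and Tor for hiding
exfiltration.

Assumptions (not taken from the article):
  - Events arrive as lines "process,dest_host,dest_port" from some EDR or
    Sysmon-style sensor (constructed format for this example).
  - Telegram bot traffic goes to api.telegram.org (the public Bot API host).
  - A local Tor client exposes a SOCKS proxy on 127.0.0.1:9050 (tor daemon)
    or 127.0.0.1:9150 (Tor Browser); those are the documented defaults.
  - The allowlists below are illustrative and would be tuned per environment.
"""
from __future__ import annotations

from dataclasses import dataclass

TELEGRAM_API_HOSTS = {"api.telegram.org"}
TOR_SOCKS_PORTS = {9050, 9150}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Processes expected to talk to the Telegram Bot API (assumed allowlist).
TELEGRAM_EXPECTED_PROCESSES = {"telegram.exe"}
# Processes expected to use a local Tor SOCKS proxy (assumed allowlist).
TOR_EXPECTED_PROCESSES = {"tor.exe", "firefox.exe"}


@dataclass(frozen=True)
class NetEvent:
    process: str
    dest_host: str
    dest_port: int


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    destination: str


def parse_line(line: str) -> NetEvent | None:
    """Parse one 'process,dest_host,dest_port' line; skip malformed lines."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 3 or not parts[2].isdigit():
        return None
    return NetEvent(parts[0], parts[1], int(parts[2]))


def check_event(ev: NetEvent) -> list[Finding]:
    """Return findings for a single connection event."""
    findings: list[Finding] = []
    proc = ev.process.lower()
    host = ev.dest_host.lower()
    dest = f"{host}:{ev.dest_port}"
    # Telegram Bot API reached by something other than a known Telegram client.
    if host in TELEGRAM_API_HOSTS and proc not in TELEGRAM_EXPECTED_PROCESSES:
        findings.append(Finding("telegram_api_unexpected_process", ev.process, dest))
    # Local Tor SOCKS port used by something other than tor or a Tor-enabled browser.
    if host in LOOPBACK_HOSTS and ev.dest_port in TOR_SOCKS_PORTS \
            and proc not in TOR_EXPECTED_PROCESSES:
        findings.append(Finding("tor_socks_unexpected_process", ev.process, dest))
    return findings


def scan_lines(lines: list[str]) -> list[Finding]:
    """Parse and check every line, collecting all findings in order."""
    findings: list[Finding] = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            findings.extend(check_event(ev))
    return findings


# Constructed sample telemetry (not real data); "updater.exe" is a made-up
# process name standing in for an unexpected process.
SAMPLE_LINES = [
    "telegram.exe,api.telegram.org,443",       # legitimate messaging client
    "firefox.exe,127.0.0.1,9150",              # Tor Browser talking to its own proxy
    "updater.exe,api.telegram.org,443",        # unexpected Bot API user
    "updater.exe,127.0.0.1,9050",              # unexpected Tor SOCKS user
    "outlook.exe,outlook.office365.com,443",   # benign mail traffic
    "garbage line without fields",             # malformed, skipped
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"{f.rule}: {f.process} -> {f.destination}")
```

The two rules are deliberately narrow: they fire only on the combination of destination and an unexpected originating process, which keeps a legitimate Telegram client or Tor Browser quiet while surfacing the pattern the article describes. In practice the allowlists should be populated from the environment's software inventory rather than hard-coded.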
“Agent Tesla malware has been active for more than seven years, yet it remains one of the most common threats to Windows users,” said Sean Gallagher, senior security researcher, Sophos.
Gallagher added that the most widespread delivery method for Agent Tesla is malicious spam attachments.
According to him, the email accounts used to spread Agent Tesla are often legitimate accounts that have been compromised.
“Organizations and individuals should, as always, treat email attachments from unknown senders with caution, and verify all attachments before opening them,” he added.
According to Sophos, the recommended IT admin checklist for email security includes:
Sophos endpoint protection, Intercept X, detects Agent Tesla malware.