The information stealer is called Agent Tesla and, in a new report published recently, Sophos researchers explain Agent Tesla’s latest features and functionality.
Agent Tesla steals information from web browsers, email clients, virtual private network clients, and other software that stores usernames and passwords.
It can capture keystrokes while users are typing, for example entering their password, and record screenshots, so it can see what is on their screen.
The more recent version of the info-stealer can use the Telegram messaging service to communicate with its operators, as well as a software program called Tor (that’s very popular on the dark web) to hide activity like the removal of stolen data. It also tries to alter software code to block security protection.
“Agent Tesla malware has been active for more than seven years, yet it remains one of the most common threats to Windows users,” said Sean Gallagher, senior security researcher, Sophos.
“The most widespread delivery method for Agent Tesla is malicious spam attachments. The email accounts used to spread Agent Tesla are often legitimate accounts that have been compromised. Organizations and individuals should, as always, treat email attachments from unknown senders with caution, and verify all attachments before opening them.”
Recommended IT admin checklist for email security
-Install an intelligent, security solution that can screen, detect and block suspicious emails and their attachments before they reach users
-Implement the recognised authentication standards to verify emails are what they claim to be
-Educate employees to spot the warning signs of suspicious emails and what to do if they encounter one
-Advise users to double check that emails come from the address and the person they claim to
-Advise users to never open attachments or click on links in emails from unknown senders
