Comment: Upgraded Agent Tesla malware steals passwords from browsers, VPNs

By ISBuzz Team
Writer, Information Security Buzz | Aug 12, 2020 04:39 am PST

New variants of the Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, and FTP and email clients. Agent Tesla is a commercially available .NET-based info stealer with both remote access Trojan (RAT) and keylogging capabilities, active since at least 2014. The malware is currently very popular with business email compromise (BEC) scammers, who use it to infect victims in order to record keystrokes and take screenshots of compromised machines. It can also be used to steal victims’ clipboard contents, collect system information, and kill anti-malware and software analysis processes.

Stuart Sharp, VP of Solution Engineering
August 12, 2020 1:29 pm

Any malware with the capability of stealing passwords is very concerning given that they are traditionally a first line of defense for most websites and applications. It is even more concerning that they are able to steal passwords from VPNs, which have become increasingly important in recent months for businesses functioning in the remote/hybrid working model ushered in by the COVID-19 pandemic. In order to prevent attackers from infiltrating deeper, both organisations and consumers alike need to implement Multi-Factor Authentication (MFA). MFA apps, hard tokens, biometrics, or one-time passwords prevent 99.9% of account takeovers and are instrumental if you want to defend against keyloggers. Businesses should also consider moving away from their dependency on passwords by taking advantage of the latest innovations in passwordless authentication.
