New variants of the Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, and FTP and email clients. Agent Tesla is a commercially available .NET-based info stealer with both remote access Trojan (RAT) and keylogging capabilities, active since at least 2014. The malware is currently very popular with business email compromise (BEC) scammers, who use it to infect their victims in order to record keystrokes and take screenshots of compromised machines. It can also be used to steal victims' clipboard contents, collect system information, and kill anti-malware and software analysis processes.
Any malware capable of stealing passwords is very concerning, given that passwords are traditionally the first line of defense for most websites and applications. It is even more concerning that these variants can steal passwords from VPNs, which have become increasingly important in recent months for businesses operating in the remote/hybrid working model ushered in by the COVID-19 pandemic. To prevent attackers from infiltrating deeper, organisations and consumers alike need to implement multi-factor authentication (MFA). MFA apps, hard tokens, biometrics, and one-time passwords prevent 99.9% of account takeovers and are instrumental in defending against keyloggers. Businesses should also consider moving away from their dependency on passwords by taking advantage of the latest innovations in passwordless authentication.