Experts Reaction On Agent Tesla New Variants To Bypass Endpoint Protection

Sophos researchers have discovered two new variants of the Agent Tesla malware targeting Microsoft Anti-Malware Software Interface (AMSI). Agent Tesla operators will now attempt to tamper with AMSI to degrade its defences and remove endpoint protection at the point of execution. If successful, this allows the malware to deploy its full payload.

Experts Comments

February 03, 2021
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

Malware like Agent Tesla once again underscores the fact that the weakest link in any line of malware defence is the average user. Until users are educated and convinced not to open attachments or click links in emails and text messages, malware like Agent Tesla will continue to inflict itself on networks.

February 03, 2021
Paul Bischoff
Privacy Advocate
Comparitech

The fact that Agent Tesla made up 20 percent of malicious email attachments detected by Sophos shows how popular the strain of malware has become. Hopefully, Microsoft will release a patch soon that prevents unauthorized changes to the AMSI. Be sure to keep your Windows devices up to date. Until then, never open links or attachments in unsolicited emails. Scan attachments if possible and always verify the sender's identity before opening. Consider opening attachments in a sandboxed environment.
