Sophos researchers have discovered two new variants of the Agent Tesla malware targeting Microsoft Anti-Malware Software Interface (AMSI). Agent Tesla operators will now attempt to tamper with AMSI to degrade its defences and remove endpoint protection at the point of execution. If successful, this allows the malware to deploy its full payload.
<p>Malware like Agent Tesla once again underscores the fact that the weakest link in any line of malware defence is the average user. Until users are educated and convinced not to open attachments or click links in emails and text messages, malware like Agent Tesla will continue to inflict itself on networks.</p>
<p>The fact that Agent Tesla made up 20 percent of malicious email attachments detected by Sophos shows how popular the strain of malware has become. Hopefully, Microsoft will release a patch soon that prevents unauthorized changes to the AMSI. Be sure to keep your Windows devices up to date. Until then, never open links or attachments in unsolicited emails. Scan attachments if possible and always verify the sender’s identity before opening. Consider opening attachments in a sandboxed environment.</p>