Experts Reaction On Agent Tesla New Variants To Bypass Endpoint Protection

By ISBuzz Team
Writer, Information Security Buzz | Feb 03, 2021 08:06 am PST

Sophos researchers have discovered two new variants of the Agent Tesla malware targeting Microsoft Anti-Malware Software Interface (AMSI). Agent Tesla operators will now attempt to tamper with AMSI to degrade its defences and remove endpoint protection at the point of execution. If successful, this allows the malware to deploy its full payload.

2 Expert Comments
Chris Hauk, Consumer Privacy Champion
February 3, 2021 4:12 pm

Malware like Agent Tesla once again underscores the fact that the weakest link in any line of malware defence is the average user. Until users are educated and convinced not to open attachments or click links in emails and text messages, malware like Agent Tesla will continue to inflict itself on networks.

Paul Bischoff, Privacy Advocate
February 3, 2021 4:10 pm

The fact that Agent Tesla made up 20 percent of malicious email attachments detected by Sophos shows how popular the strain of malware has become. Hopefully, Microsoft will release a patch soon that prevents unauthorized changes to the AMSI. Be sure to keep your Windows devices up to date. Until then, never open links or attachments in unsolicited emails. Scan attachments if possible and always verify the sender’s identity before opening. Consider opening attachments in a sandboxed environment.
