Experts Reaction On Agent Tesla New Variants To Bypass Endpoint Protection

Sophos researchers have discovered two new variants of the Agent Tesla malware targeting Microsoft Anti-Malware Software Interface (AMSI). Agent Tesla operators will now attempt to tamper with AMSI to degrade its defences and remove endpoint protection at the point of execution. If successful, this allows the malware to deploy its full payload.

Chris Hauk, Consumer Privacy Champion
InfoSec Expert
February 3, 2021 4:12 pm

Malware like Agent Tesla once again underscores the fact that the weakest link in any line of malware defence is the average user. Until users are educated and convinced not to open attachments or click links in emails and text messages, malware like Agent Tesla will continue to inflict itself on networks.

Paul Bischoff, Privacy Advocate
InfoSec Expert
February 3, 2021 4:10 pm

The fact that Agent Tesla made up 20 percent of malicious email attachments detected by Sophos shows how popular the strain of malware has become. Hopefully, Microsoft will release a patch soon that prevents unauthorized changes to the AMSI. Be sure to keep your Windows devices up to date. Until then, never open links or attachments in unsolicited emails. Scan attachments if possible and always verify the sender's identity before opening. Consider opening attachments in a sandboxed environment.
