As if there weren't enough to worry about these days, a new version of a popular piece of malware has appeared. Specifically, it is able to obtain login information from common software, including web browsers such as Chrome and Firefox, VPN services, email clients and more. According to Jim Walter, senior threat researcher at SentinelOne (via Bleeping Computer), it can even pull credentials from the registry. Security researchers have observed a "steady increase" in its use over the past year or so.
The malware was initially sold on various underground forums and marketplaces, as well as on its own (now defunct) AgentTesla.com site, along with a management panel for data collection; Sentinel Labs explained that "information retrieved from infected devices is immediately available to attackers via the panel's interface." Part of the appeal of this malware is its low price. When it first appeared, Agent Tesla was offered in packages of $12 per month, $25 for 3 months, and $35 for 6 months.
Fortunately, Agent Tesla is not delivered in any especially clever way. Like many types of malware, it spreads primarily through phishing campaigns. Recently, it has been found in emails purporting to provide Covid-19 updates from the World Health Organization (WHO). It has also been injected into specially crafted Office documents.
In addition to stealing login information from various legitimate software, Agent Tesla is also a keylogger. In fact, installing a keylogger is one of the first things it does after infecting a system. It can also steal Wi-Fi passwords.
As is usually the case with this kind of threat, smart computing habits are the best defense. For example, do not click on links in e-mails without due diligence, especially unexpected e-mails, and be wary of e-mail attachments.
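The two habits above (scrutinise unexpected senders, be wary of attachments) can be turned into a simple automated triage. The script below is an added example written for this article, not code from the article, SentinelOne or Bleeping Computer. It builds a constructed lure in the style described here (a "WHO Covid-19 update" with an Office document attached) and flags it on two checks: a macro-enabled or executable attachment extension (the extension list is an assumed, typical triage list, not a definitive one) and a Reply-To domain that does not match the From domain.

```python
import re
from email import message_from_string
from email.message import EmailMessage, Message
from email.utils import parseaddr

# Attachment extensions that commonly carry macro or script payloads in phishing
# campaigns. Assumption: a typical triage list, not a definitive one.
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".pptm",
                    ".exe", ".scr", ".js", ".vbs", ".lnk", ".iso"}

# Matches "double extensions" such as invoice.pdf.exe that disguise a payload.
DOUBLE_EXT = re.compile(r"\.(pdf|doc|jpg|png|txt)\.[a-z0-9]{2,4}$")


def domain_of(header_value: str) -> str:
    """Return the lower-cased domain part of an address header, or '' if none."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def attachment_names(msg: Message) -> list[str]:
    """Collect the filenames of every MIME part that declares one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def flags_for_attachment(name: str) -> list[str]:
    """Reasons an attachment filename looks risky (empty list if none)."""
    reasons = []
    lower = name.lower()
    ext = "." + lower.rsplit(".", 1)[1] if "." in lower else ""
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {ext}")
    if DOUBLE_EXT.search(lower):
        reasons.append("double extension")
    return reasons


def triage(raw_message: str) -> dict:
    """Parse one raw RFC 822 message and return the reasons it looks suspicious."""
    msg = message_from_string(raw_message)
    reasons = []
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for name in attachment_names(msg):
        for reason in flags_for_attachment(name):
            reasons.append(f"attachment {name}: {reason}")
    return {"subject": msg.get("Subject", ""), "reasons": reasons, "suspicious": bool(reasons)}


def build_lure() -> str:
    """Constructed sample: a WHO-themed lure with a macro-enabled Word attachment.
    All addresses and domains are made up for this example."""
    msg = EmailMessage()
    msg["From"] = "WHO Alerts <alerts@who-updates.example>"
    msg["Reply-To"] = "covid-desk@mail.example.net"
    msg["Subject"] = "Covid-19 update: new guidance attached"
    msg.set_content("Please review the attached guidance.")
    msg.add_attachment(b"\x00\x01", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Covid19_Guidance.docm")
    return msg.as_string()


def build_benign() -> str:
    """Constructed sample: an ordinary message with a PDF and consistent headers."""
    msg = EmailMessage()
    msg["From"] = "Alice <alice@corp.example>"
    msg["Reply-To"] = "alice@corp.example"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes from today attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="notes.pdf")
    return msg.as_string()


if __name__ == "__main__":
    for raw in (build_lure(), build_benign()):
        result = triage(raw)
        print(result["subject"], "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for r in result["reasons"]:
            print("  -", r)
```

Run it as-is and the constructed lure is flagged on both checks while the benign message passes. These two heuristics are a starting point for a mail-gateway or mailbox-side rule, not a substitute for attachment detonation or endpoint protection; a real deployment would add sender authentication results (SPF/DKIM/DMARC) and inspect the attachment content rather than only its name.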
As for AV, these days we mainly rely on Defender, which is built into Windows 10. But if you're looking for more bells and whistles in a third-party solution, check out our summary of the best antivirus for PC gaming.