Upgraded Agent Tesla Found Stealing Browser’s And VPN’s Passwords

According to recent reports, new strains of Agent Tesla now act as an information-stealing trojan dedicated to stealing credentials from applications such as web browsers, VPN clients, FTP clients, and email clients.

The malware is sold commercially. It is built on the .NET framework and has been active as a keylogging trojan since 2014.

Agent Tesla is currently popular with business email compromise (BEC) scammers, who use the trojan to infect victims, log their keystrokes, and periodically take screenshots of their machines.

The malware can also steal clipboard contents and system information, and can even kill antimalware and internal software analysis processes on the targeted computer.

So, technically, no credentials are safe

A researcher named Walter, who analyzed recently collected samples of the infostealer, found dedicated code used to collect both application configuration data and user credentials from a range of applications.

He says the malware can extract credentials from registry settings as well as from related configuration or supporting files.

He added that Chrome, Chromium, Safari, Brave, FileZilla, Firefox, Thunderbird, OpenVPN, and Outlook are just a few of the applications that the latest Agent Tesla strains can target.

Once the malware has harvested credentials and application configuration information, it delivers them to its command and control server over FTP or SMTP, using connection details bundled within its internal configuration.

Walter also found that current Agent Tesla strains will often drop or retrieve secondary executables to inject into, or will attempt to inject into known binaries already present on the targeted host.
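The two behaviours above (credential exfiltration over FTP/SMTP with hard-coded server details, and the sending process possibly being an injected legitimate binary) give defenders a simple network-side detection: an outbound SMTP/FTP connection from anything other than a known mail or FTP client is suspicious, and more so when the image runs from a user-writable path. The following is an added example, not code from the article or from any vendor; the log format is a constructed Sysmon-style line, and the allow-list, process names and destination addresses are hypothetical.

```python
import re

# Constructed Sysmon "Network connection" style lines (not real telemetry).
# The process names, paths and IPs are hypothetical sample values.
SAMPLE_EVENTS = [
    "Image: C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe DestinationPort: 587 DestinationIp: 203.0.113.10",
    "Image: C:\\Users\\alice\\AppData\\Roaming\\updater.exe DestinationPort: 587 DestinationIp: 198.51.100.7",
    "Image: C:\\Windows\\System32\\hostproc.exe DestinationPort: 21 DestinationIp: 198.51.100.7",
    "Image: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe DestinationPort: 443 DestinationIp: 203.0.113.55",
]

# Ports used for the SMTP/FTP exfiltration channels described in the article.
EXFIL_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "smtp-submission"}
# Assumed allow-list of processes that legitimately speak SMTP/FTP in this environment.
ALLOWED_IMAGES = {"thunderbird.exe", "outlook.exe", "filezilla.exe"}
# Directories a normal mail/FTP client would not be launched from.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)

LINE_RE = re.compile(
    r"Image: (?P<image>.+?) DestinationPort: (?P<port>\d+) DestinationIp: (?P<ip>\S+)"
)

def parse_event(line):
    """Extract image path, destination port and IP from one log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"image": m["image"], "port": int(m["port"]), "ip": m["ip"]}

def score_event(ev):
    """Return the list of reasons this connection looks like credential exfiltration."""
    reasons = []
    proto = EXFIL_PORTS.get(ev["port"])
    if proto is None:
        return reasons  # not a mail/FTP port; out of scope for this rule
    name = ev["image"].rsplit("\\", 1)[-1].lower()
    if name not in ALLOWED_IMAGES:
        # Injected system binaries land here too: the image name alone is not trusted.
        reasons.append(f"{proto} connection from non-mail/FTP client {name}")
    if USER_WRITABLE.search(ev["image"]):
        reasons.append("image runs from a user-writable directory")
    return reasons

def find_exfil_candidates(lines):
    """Return (image, port, ip, reasons) for every line that trips the rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["image"], ev["port"], ev["ip"], reasons))
    return hits

if __name__ == "__main__":
    for image, port, ip, reasons in find_exfil_candidates(SAMPLE_EVENTS):
        print(f"{image} -> {ip}:{port}: " + "; ".join(reasons))
```

Because the C2 details are bundled in the malware's configuration, several infected hosts will typically report to the same destination, so grouping hits by destination IP across a fleet is a useful second pass.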

Agent Tesla malware is currently a widely used trojan

Agent Tesla is currently one of the most actively used malware variants in attacks targeting both business and home users, as shown by the top 10 malware list compiled from last week's submissions to the interactive malware analysis platform Any.Run.

In this ranking, the widely known infostealer Emotet is far behind in the number of samples submitted for analysis; Agent Tesla ranked second among last week's threats by the number of uploads worldwide.

Agent Tesla was also ranked second in the top 10 most prevalent threats published by Any.Run in December last year, with more than 10,000 samples submitted over the year.

Between the first and second quarters of 2020, Spamhaus Malware Labs' Botnet Threat Update reports also recorded a 770% rise in the number of botnet C2s associated with this infostealing malware family.

Earlier this year, in April, the security firm Malwarebytes found that Agent Tesla had been updated with a new module dedicated to stealing Wi-Fi network passwords from infected computers.

Later, Bitdefender reported that criminals had attacked entities in the oil and gas sector in highly targeted spearphishing campaigns that delivered Agent Tesla payloads.