Latest Agent Tesla Variant Steals Credentials From Popular Applications

Cyber security researchers have found a new variant of the Agent Tesla RAT malware. The latest variant integrates new modules specifically designed to steal login credentials from various applications, including popular web browsers, VPN software, FTP clients and email clients.

About Agent Tesla

Agent Tesla acts as a remote access Trojan that allows the hackers to remotely access the target system and execute various malicious commands. The malware has been active since 2014 and also has key-logging capabilities. A key-logger is designed to record the keystrokes while the user is active on the system.

The threat is heavily used by business email compromise (BEC) scammers. In these campaigns it records keystrokes and even takes screenshots of the target system to extract sensitive data.

Additionally, it steals data stored in the clipboard and communicates with the attackers through a command-and-control (C&C) server. It also terminates anti-malware applications running in the background to evade detection.

Researcher Analysed the Sample

Jim Walter, senior security researcher at SentinelOne, analysed a sample of Agent Tesla. His analysis found dedicated code that extracts user credentials and application configuration data from various popular applications.

Latest Agent Tesla Variant Steals Credentials From Popular Applications (Source: SentinelOne)

“The malware has the ability to extract credentials from the registry as well as related configuration or support files,” Jim Walter explains.

The new variant of infostealer targets popular apps like Google Chrome, Chromium, Safari, Brave, FileZilla, Mozilla Firefox, Mozilla Thunderbird, OpenVPN, and Outlook.

According to Walter, once the malware has extracted the user credentials and app configuration data, it transfers them to the attackers, delivering the information to a command-and-control server over FTP or SMTP.

“Current variants will often drop or retrieve secondary executable to inject into, or they will attempt to inject into known (and vulnerable) binaries already present on targeted hosts,” Walter added.
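The two behaviours Walter describes, reading credential stores and configuration files of browsers, FTP and mail clients, then sending the data out over FTP or SMTP, can both be expressed as simple detection rules. The following Python script is an added example written for this article; it is not code from the article, from SentinelOne, or from any product. It runs over constructed file-access and network-connection events in an assumed `key="value"` format, and the process allow-lists and field names are assumptions for the example.

```python
"""
Added detection example (not the article's or SentinelOne's code).
Flags (1) reads of well-known credential stores by processes that are not
the owning application and (2) outbound SMTP/FTP connections from processes
that are not mail or FTP clients, then correlates the two per process.
Event format, field names and allow-lists are assumptions for this example.
"""
import re
from collections import namedtuple

# Applications expected to read their own credential stores (assumption).
EXPECTED_READERS = {
    "chrome.exe", "msedge.exe", "brave.exe", "firefox.exe",
    "thunderbird.exe", "filezilla.exe", "openvpn.exe", "outlook.exe",
}

# Processes that legitimately speak SMTP/FTP from a workstation (assumption).
EXPECTED_NETWORK = {"outlook.exe", "thunderbird.exe", "filezilla.exe"}

# SMTP (25, 465, 587) and FTP (21) ports, the exfiltration channels named in the article.
EXFIL_PORTS = {21, 25, 465, 587}

# Path patterns for credential stores of the applications the article lists.
CREDENTIAL_STORE_PATTERNS = [
    re.compile(r"\\user data\\[^\\]+\\login data$", re.I),           # Chromium-based browsers
    re.compile(r"logins\.json$", re.I),                               # Firefox / Thunderbird
    re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$", re.I),
    re.compile(r"\\openvpn\\config\\.*\.ovpn$", re.I),
]

Alert = namedtuple("Alert", "rule process detail")


def parse_event(line):
    """Parse one constructed event line of key="value" pairs into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def analyse(lines):
    """Apply both rules to every event and return the resulting alerts."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        proc = ev.get("process", "").lower()
        if ev.get("type") == "file_read":
            path = ev.get("path", "")
            hit = any(p.search(path) for p in CREDENTIAL_STORE_PATTERNS)
            if hit and proc not in EXPECTED_READERS:
                alerts.append(Alert("credential_store_access", proc, path))
        elif ev.get("type") == "net_connect":
            port = int(ev.get("dst_port", "0"))
            if port in EXFIL_PORTS and proc not in EXPECTED_NETWORK:
                alerts.append(Alert("smtp_ftp_from_unexpected_process", proc,
                                    f"{ev.get('dst_ip')}:{port}"))
    return alerts


def correlate(alerts):
    """Processes that both read a credential store and spoke SMTP/FTP:
    the combination is the stronger signal than either rule alone."""
    rules_by_proc = {}
    for a in alerts:
        rules_by_proc.setdefault(a.process, set()).add(a.rule)
    return sorted(p for p, rules in rules_by_proc.items() if len(rules) == 2)


# Constructed sample events; "winupd.exe" is a made-up process name and the
# 203.0.113.0/24 addresses are documentation-only ranges.
SAMPLE_EVENTS = [
    'type="file_read" process="chrome.exe" path="C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"',
    'type="file_read" process="winupd.exe" path="C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"',
    'type="file_read" process="winupd.exe" path="C:\\Users\\alice\\AppData\\Roaming\\FileZilla\\sitemanager.xml"',
    'type="file_read" process="winupd.exe" path="C:\\Users\\alice\\AppData\\Roaming\\Thunderbird\\Profiles\\x1.default\\logins.json"',
    'type="net_connect" process="outlook.exe" dst_ip="203.0.113.10" dst_port="587"',
    'type="net_connect" process="winupd.exe" dst_ip="203.0.113.77" dst_port="587"',
    'type="net_connect" process="winupd.exe" dst_ip="203.0.113.77" dst_port="21"',
    'type="net_connect" process="winupd.exe" dst_ip="203.0.113.77" dst_port="443"',
]

if __name__ == "__main__":
    found = analyse(SAMPLE_EVENTS)
    for a in found:
        print(f"[{a.rule}] {a.process}: {a.detail}")
    print("both behaviours:", correlate(found))
```

Note the caveat Walter's second quote implies: because current variants inject into known binaries already on the host, a name-based allow-list such as `EXPECTED_READERS` can be satisfied by a legitimately named process that has been injected into. In practice the allow-list should be backed by process integrity checks (signer, image path, parent process), and the correlation of credential-store reads with outbound SMTP/FTP from the same process is the signal worth alerting on.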

Agent Tesla is the most active infostealer

Agent Tesla is one of the most destructive malware families and has been used in various attack campaigns. Because of its capabilities, it targets businesses as well as home users.

In fact, the malware has overtaken Emotet and now ranks second among the most dangerous infostealers.

It is therefore very important to secure the system with a reputable anti-malware application; this is the least one can do to stay safe.

What can you do to stay safe?

  • Always check for software and OS updates. Make sure to patch any vulnerability for all the software, firmware, and operating systems you are using as soon as possible.
  • Check before installing any browser extensions, and always choose the web stores for the downloads.
  • You can also use a trusted ad-blocker while surfing the internet. Many ads and websites have embedded mining scripts that are silently used for mining.
  • Make sure you do not download pirated software or click on malicious ads. In a recent campaign, Microsoft warned users about a coin miner being pushed along with pirated movie downloads.
  • Do not open any shortened link from any unknown source.
  • Hackers often send such links in emails, messages, and online ads. If you receive an email from an unknown sender, do not open it or click on any link in it.
  • Do not open files from an unknown sender or from external drives before scanning them.
  • Scan your computer periodically for viruses and malware using a reliable and high-quality antivirus application.

Protect your computer with HitmanPro Now

Threat actors can exploit vulnerabilities at any time, so it is necessary to have active anti-virus protection always running on the system. The one we recommend is HitmanPro.Alert, which will guard your system against all odds.

Secondly, experts advise keeping strong passwords for all online accounts, as crypto miners can even steal the login credentials of cryptocurrency wallets and transfer all the funds.

It is very important to enable 2FA on your accounts and use strong passwords. To keep those passwords secure, you should use a reputable password manager tool like Dashlane (Review).

Thus, it is also important to secure your accounts with a powerful password manager tool. Download Dashlane Password Manager now.


Article source: Bleeping Computer.