Agent Tesla malware and how it’s related to you: 7 important facts you should know

Featured On

EntrepreneurForbesBuisiness InsiderAxios

Dubbed April 2020’s most wanted malware, Agent Tesla malware is an advanced remote access Trojan (RAT) whose payload is a keylogger and information stealer. This destructive and stealthy malware monitors and records its victims’ keystrokes in order to steal their passwords, user credentials, and other keyboard input. The cyber criminals responsible for the attack sell the info they steal to other criminals, or use it to rob bank accounts and steal identities. The malware can also steal data from clipboards, and videos and pictures from connected cameras. It is ranked one of the top three most active malware and affects 3% of organizations worldwide. This is a malware that you must to stay in front of, so with that in mind here are seven important facts you need to know about Agent Tesla malware:

Its’ sold as malware-as-a-service

Similar to the software licensing and delivery model known as software-as-a-service that is used to host legitimate applications and make them available to customers via the Internet, Agent Tesla malware is available for cyber criminals on an official website and comes with all the tools needed to execute an attack. While its developers try to make it appear as a legitimate program, even claiming on their site that it shouldn’t be used for malicious purposes, in reality, it is anything but legit. On the contrary, the impression of legitimacy that the developers try to convey is betrayed by the support they offer for how to evade detection, how to deploy it by exploiting software vulnerabilities, how to bundle it inside other programs, and how to proliferate and use it to generate revenue.

It can infect computers in a variety of ways

There are several ways that Agent Tesla malware can infect your device. One of the more common methods is via spam email that tries to get users to open malicious attachments. The attachments can look like anything from bills to receipts to invoices.  Downloading unofficial software from unreliable sources is another method. With this method, the software is presented as legitimate in order to trick users into downloading and installing the malware. Yet another method is the use of fake updaters that are disguised as legitimate software updates. Because they appear to be legitimate, users can be deceived into downloading and installing the malware instead of proper updates.

Coronavirus-themed emails are being used to distribute Agent Tesla

Cyber criminals have been exploiting the public’s fear of the Covid-19 pandemic and their need to stay abreast of Covid-19 news to launch their attacks. For example, they’ll use subject lines that mention “Covid-19” or “Coronavirus” to lure their targets into opening infected attachments. Or they’ll send emails that are disguised to look like they’re from the World Health Organization or selling face masks and other medical products that help fight the pandemic.

There are dangerous new variants

New variants of Agent Tesla malware have made their appearance and are more dangerous than previous versions of the malware as they can now also steal its victim’s Wi-Fi profile and then use that info to propagate onto other devices.

Agent Tesla targets everything

Just about every browser, email client, messaging client, VPN client, FTP client, and download manager is a target. Browsers targeted include everything from Apple Safari, Google Chrome, and Microsoft Edge to Mozilla Firefox, Opera, Vivaldi to name just a few. Email and messaging clients that can be targeted include IncrediMail, Microsoft Outlook, Opera Mail and others. And VPNs, FTPs and download managers that are targeted range from DownloadManager and FTP Navigator to FileZilla and Flash FXP along with several others.

It exploits Windows vulnerabilities

Cybersecurity researchers discovered that Agent Tesla also exploits Microsoft MS Office vulnerabilities. The vulnerabilities let attackers run arbitrary code or execute scripts that deliver the Agent Tesla payload.

  • You can protect your devices. Fortunately, there are very simple, effective defensive measures you can implement immediately that will protect you from Agent Tesla malware. 
  • Be very cautious when you browse the Internet or download software.  Software should only be downloaded from official sources and only with direct links. Avoid third-party downloaders. 
  • Be on the lookout for extraneous emails or attachments from suspicious or unrecognizable email addresses. Always think twice before opening them. 
  • Keep your applications and operating systems up to date, but always make sure you get your updates from the official developer only. 
  • Install a powerful and reputable antivirus software. It should be able to perform Agent Tesla malware analysis and other malware analysis so it can eliminate malware before it can cause any harm. 

On your radar

The key to computer safety is an abundance of awareness and caution, and proper cybersecurity hygiene. Agent Tesla malware should be on your cyber radar and your alert level should be very high regarding the software you download, the attachments you open and the software updates you install. Furthermore, your cybersecurity hygiene should be impeccable with powerful antivirus software as its foundation.