Agent Tesla is an advanced remote access trojan (RAT) and infostealer that specializes in harvesting sensitive information from infected machines and exfiltrating it to the attacker. It can collect many kinds of data, including keystrokes and the login credentials saved by web browsers (such as Google Chrome and Mozilla Firefox) and email clients on the infected machine.
According to Check Point’s 2022 Cybersecurity Report, Agent Tesla was the 6th most prevalent malware variant in 2021, affecting an estimated 4.1% of corporate networks, and the second most common infostealer globally, behind Formbook. Agent Tesla was first discovered in 2014 and remained a prolific malware variant through 2020; between 2020 and 2021, however, its prevalence dropped by 50%.
Agent Tesla spreads primarily through phishing emails. For this reason, its prevalence commonly spikes whenever a new malspam campaign is launched.
Once it has gained a foothold on a system, Agent Tesla uses several techniques to hide its presence. One is multiple layers of packing and obfuscation that conceal the malicious functionality: what sits on disk is an outer stub wrapping a packed blob, and the real payload is only decoded in memory at runtime. This makes it harder for signature-based detection to identify the malware, because the actual functionality is revealed only after the initial infection has already taken place.
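The practical consequence of layered packing is that the on-disk file looks like a small, bland stub followed by a large, near-random blob. A cheap triage check that does not depend on signatures is to scan the file in fixed-size windows and flag the ones whose byte entropy approaches 8 bits per byte. The script below is an added example (not Agent Tesla code and not Check Point tooling): the sample image it scans is constructed inline from a repeated text stub and a SHA-256 hash chain standing in for the packed payload, so it runs offline, and the window size and threshold are assumptions you would tune against real samples.

```python
"""Windowed Shannon-entropy scan: a signature-free triage heuristic for packed payloads.

The sample image is constructed here (text stub + hash-chain filler); it is not a real
malware sample. Window size and threshold are assumptions for illustration.
"""
import hashlib
import math
from collections import Counter

WINDOW = 1024      # bytes per window (assumption; 512-4096 is typical for triage)
THRESHOLD = 7.0    # bits/byte; ordinary code and strings usually sit around 4-6


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_windows(image: bytes, window: int = WINDOW, threshold: float = THRESHOLD):
    """Return (offset, entropy) for each window whose entropy meets the threshold."""
    hits = []
    for off in range(0, len(image), window):
        chunk = image[off:off + window]
        if len(chunk) < window // 2:     # skip a tiny trailing fragment
            continue
        e = shannon_entropy(chunk)
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def packed_ratio(image: bytes, window: int = WINDOW) -> float:
    """Fraction of windows flagged as high entropy; near 1.0 suggests a fully packed file."""
    total = max(1, len(image) // window)
    return len(scan_windows(image, window)) / total


def pseudo_random_bytes(n: int, seed: bytes = b"packed-payload") -> bytes:
    """Deterministic high-entropy filler (SHA-256 hash chain) standing in for a packed blob."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def build_sample() -> bytes:
    """Constructed image: 2 KiB of low-entropy stub text followed by 3 KiB of filler."""
    stub = (b"MZ stub: this unpacker region contains ordinary code and strings. " * 64)[:2048]
    return stub + pseudo_random_bytes(3072)


if __name__ == "__main__":
    img = build_sample()
    for off, e in scan_windows(img):
        print(f"high-entropy window at 0x{off:05x}: {e} bits/byte")
    print(f"packed ratio: {packed_ratio(img):.2f}")
```

On the constructed sample the two stub windows score well under the threshold and the three filler windows score close to 7.8 bits/byte, so only offsets 0x800, 0xc00 and 0x1000 are reported. Compressed resources and legitimately encrypted data trigger the same heuristic, so treat a high packed ratio as a reason to look closer (or to let the sample run in a sandbox until the inner payload is unpacked), not as a verdict on its own.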
Once the core payload has been unpacked, Agent Tesla enumerates the browsers installed on the system and extracts the login credentials they have saved. It can also capture keystrokes and screenshots. All of this harvested data is sent back to the attacker, who can then use the stolen credentials to take over the victim’s accounts.
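Because the credential theft described above means a non-browser process has to open the browsers’ own credential stores, that file access is a usable detection signal regardless of how the sample was packed. The script below is an added example (not Agent Tesla code and not Check Point tooling) that correlates EDR-style file-access and network-connection events: a process that is not chrome.exe or firefox.exe reads Chrome’s `Login Data` or Firefox’s `logins.json`/`key4.db` (real credential-store locations), and an outbound connection from the same process within ten minutes raises the alert from medium to high. The event format, process names, addresses and the ten-minute window are assumptions; the telemetry is constructed inline.

```python
"""Correlate credential-store reads with follow-on network activity.

Telemetry below is constructed for illustration (EDR-style events, not real captures).
Browser credential-store paths are real; everything else is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BROWSER_PROCESSES = {"chrome.exe", "firefox.exe"}  # the only legitimate readers
EXFIL_WINDOW = timedelta(minutes=10)                # assumption: tune to your environment


def touches_credential_store(path: str) -> bool:
    """True if `path` is a Chrome or Firefox saved-login store."""
    p = path.replace("\\", "/").lower()
    chrome = "/google/chrome/user data/" in p and p.endswith("/login data")
    firefox = "/mozilla/firefox/profiles/" in p and p.endswith(("/logins.json", "/key4.db"))
    return chrome or firefox


# Constructed telemetry: one benign browser read, one suspicious process reading both
# browsers' stores and then connecting out, and one unrelated process for contrast.
EVENTS = [
    {"ts": "2022-03-01T09:00:01", "type": "file_read", "pid": 4120, "image": "chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2022-03-01T09:02:10", "type": "file_read", "pid": 5588, "image": "invoice_0322.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2022-03-01T09:02:11", "type": "file_read", "pid": 5588, "image": "invoice_0322.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9abcd.default-release\logins.json"},
    {"ts": "2022-03-01T09:02:12", "type": "file_read", "pid": 5588, "image": "invoice_0322.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9abcd.default-release\key4.db"},
    # Constructed destination; port 587 (SMTP submission) chosen because Agent Tesla is
    # known to exfiltrate over SMTP, among other channels.
    {"ts": "2022-03-01T09:03:40", "type": "net_connect", "pid": 5588, "image": "invoice_0322.exe",
     "dst": "198.51.100.23:587"},
    {"ts": "2022-03-01T09:05:00", "type": "file_read", "pid": 7001, "image": "backup.exe",
     "path": r"C:\Users\alice\Documents\notes.txt"},
    {"ts": "2022-03-01T09:06:00", "type": "net_connect", "pid": 7001, "image": "backup.exe",
     "dst": "203.0.113.9:443"},
]


def detect(events):
    """Return one alert per non-browser process that read a credential store.

    Severity is "medium" for the read alone and "high" if the same process made an
    outbound connection within EXFIL_WINDOW of a credential-store read.
    """
    alerts = {}                   # pid -> alert
    reads = defaultdict(list)     # pid -> [(timestamp, path)]
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        pid, image = e["pid"], e["image"].lower()
        if e["type"] == "file_read" and touches_credential_store(e["path"]) \
                and image not in BROWSER_PROCESSES:
            reads[pid].append((ts, e["path"]))
            alert = alerts.setdefault(pid, {"pid": pid, "image": e["image"],
                                            "severity": "medium", "stores": [], "dst": None})
            alert["stores"].append(e["path"])
        elif e["type"] == "net_connect" and pid in alerts and alerts[pid]["severity"] != "high":
            if any(ts - t <= EXFIL_WINDOW for t, _ in reads[pid]):
                alerts[pid]["severity"] = "high"
                alerts[pid]["dst"] = e["dst"]
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a['severity'].upper()}] pid={a['pid']} {a['image']} read "
              f"{len(a['stores'])} credential store(s); outbound to {a['dst']}")
```

Run against the constructed events this yields a single high-severity alert for `invoice_0322.exe`: the chrome.exe read is expected behaviour and `backup.exe` never touched a credential store. Backup agents and password managers that legitimately read these files will need an allow-list, but the read-then-connect pairing keeps the noise manageable and lines up with the staged exfiltration the page describes.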
The Agent Tesla malware has been observed in spear phishing campaigns against a range of industries, including energy, logistics, finance, and government.
Some ways to protect against and mitigate the impact of Agent Tesla infections include:
Agent Tesla is one of the leading malware threats that organizations face, with the ability to steal many types of sensitive information from an organization’s infected computers. However, it is far from the only cyber threat that organizations must contend with. To learn more about Agent Tesla, the most prominent malware variants, and other leading threats that companies face, check out Check Point’s 2022 Cybersecurity Report.
Check Point Harmony Endpoint provides robust endpoint protection against a range of cyber threats, including Agent Tesla malware and other known and zero-day attacks. To learn more about how Harmony Endpoint can secure your organization’s devices against cyber threats, you’re welcome to sign up for a free demo today.