Malware is designed to harm computers, clients, and network systems, etc. A new malware Agent Tesla has been updated with novel stealing modules. According to Security researchers, this malware is so dangerous that new variants include a modulus that can steal credentials and other necessary data from many popular apps. This new variant can steal credentials from web browsers, VPN software, and FTP and email clients.
Agent Tesla malware is a keylogger and information stealer. It has been getting immense popularity among cybercriminals from the last 2 years. It was one of the popular malwares which has been sold on various hacker platforms. Its creators facilitate the customers not only by providing them malware but also give them all management plans.
Senior threat researcher at Sentinel One, Jim Walter, discovered this dedicated code used to collect app configuration data. Jim Walter worked a lot on it and provided greater details and insight regarding this malware.
According to Jim Walter Agent, Tesla is still utilizing by cybercriminals on various stages of attacks. He also said that. Agent Tesla malware can now reap configuration data and credentials from many typical VPN clients and Email clients. This malware can attack FTP. This novel malware has the capability to take out credentials from the registry as well as related support files.
Agent Tesla variants
According to Sentinel One’s investigations of the novel malware Agent Tesla variants, this malware can steal user credentials from a number of applications, including Google Chrome, Safari, Mozilla Firefox, Microsoft Edge, Mozilla Thunderbird, opera, and the list is long. Once the malware starts its functions and steals the credentials and app configuration data from a targeted course, it then transports it to its C2 server via FTP and the internal program. According to Walter, current variants of Agent Tesla malware will often “drop or retrieve secondary executables,” which are later insert in the targeted host. Agent Tesla has been there for years, but its new variant is dangerous and can steal more sensitive information.
