June 11, 2023

Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features.

Researchers warn that the newest iteration of the malware, is likely to add to this volume of attacks, as threat actors move to adopt the updated version.

Threat actors who transition to this version of Agent Tesla gain the capability to target a wider range of stored credentials, including those for web browser, email, VPN and other services

Data Exfiltration Tactics

The new version of Agent Tesla includes the ability to target a wider range of stored credentials, such as less popular web browser and email clients.

Agent Tesla now includes the ability to scoop up credentials for the Pale Moon web browser, an Open Source, Mozilla-derived web browser available for Microsoft Windows and Linux; and The Bat email client, an email client for the Microsoft Windows operating system.

Harvest configuration data and credentials from a number of more common VPN clients, FTP and email clients and web browsers. That included Apple Safari, BlackHawk, Brave, CentBrowser, Chromium, Comodo Dragon, CoreFTP, FileZilla, Google Chrome, Iridium, Microsoft IE and Edge, Microsoft Outlook, Mozilla Firefox, Mozilla Thunderbird, OpenVPN, Opera, Opera Mail, Qualcomm Eudora, Tencent QQBrowser and Yandex, among others.

The malware also now can use TOR with a key to help bypass content and network security filters,

Targets

The latest version of Agent Tesla showed that the malware has swapped up its targeting. The new version is primarily focused on India. While this was previously a main focus of Agent Tesla, researchers say that the malware has less of a focus on other areas, like the U.S. and Europe.

Agent Tesla has focused less on previously targeted industries like the technology space, and has ramped up its attacks against internet service providers (ISPs).

Future of Agent Tesla

Researchers warn that once threat actors realize the benefits from the newest version of the malware, they may transition more quickly as the new features might be necessary.

Tags:

Leave a Reply

You may have missed

VMware Patches Vulnerabilities in Aria

VMware Patches Vulnerabilities in Aria

June 10, 2023
Fractureiser Malware Targets MineCraft

Fractureiser Malware Targets MineCraft

June 10, 2023
MoveIt New SQL Vulnerability ! Patch It

MoveIt New SQL Vulnerability ! Patch It

June 10, 2023
Japanese Pharma Eisai Victim of Ransomware Attack

Japanese Pharma Eisai Victim of Ransomware Attack

June 9, 2023
ACT Government Victim of Barracuda ESG Vulnerability

ACT Government Victim of Barracuda ESG Vulnerability

June 9, 2023
Anonymous Sudan Claims Responsible for Outlook Outages

Anonymous Sudan Claims Responsible for Outlook Outages

June 9, 2023
%d bloggers like this: