About the variants
According to Sophos researchers, Agent Tesla operators have been targeting the Microsoft Antimalware Scan Interface (AMSI) software to degrade its defenses and remove endpoint protection at the point of execution.
The two new variants, labeled Tesla 2 (v2) and 3 (v3), expand the list of targeted applications for credential theft (including Opera, Chromium, Chrome, Firefox, OpenVPN, and Outlook) and add enhanced obfuscation.
In addition, the new variants give operators the option of using the Tor client and Telegram's messaging API when connecting to C2 servers.
Once fully deployed, the malware enables an attacker to take screenshots, log keyboard input, steal clipboard contents, and grab credentials from applications, browsers, email clients, and other software.
Agent Tesla thriving
Agent Tesla operators have been making steady progress with the malware, both in its capabilities and in the number of targeted victims.
According to Sophos researchers, in December 2020, Agent Tesla payloads had accounted for approximately 20% of all malicious email attachments.
In the same month, the malware got an update with expanded targeting and improved data exfiltration capabilities, including the ability to scoop up credentials for web browsers, emails, VPNs, and other services.
Conclusion
The emergence of new Agent Tesla ..