"Agent Tesla Trojan Can Evade Endpoint Protection, Sophos Reports"
Sophos researchers have reported the continued refinement of the Trojan called Agent Tesla. New evidence suggests that Agent Tesla is now capable of disabling endpoint protection. Agent Tesla emerged in 2014, spreading through spam emails with attachments. It is widely distributed in online underground marketplaces. According to the researchers, there are currently two versions of Agent Tesla being used in the wild, both of which can steal credentials from email clients, virtual private network clients, software, and web browsers, as well as record screens and keystrokes. The differences between the two versions include the use of the Tor anonymizing network client and the Telegram messaging API for command and control. Agent Tesla is said to be one of the most common Windows-based threats, as it was among the top malware families delivered via email in 2020. In December 2020, Agent Tesla payloads made up 20% of malicious email attachment attacks detected and stopped by Sophos scanners. Criminals are continuing to update Agent Tesla to improve its ability to circumvent endpoint and email protection tools. The article goes on to discuss the capabilities and continued evolution of Agent Tesla, and Sophos' recommendations for IT administrators on how to mitigate the threat of this Trojan.
SecurityBrief reports "Agent Tesla Trojan Can Evade Endpoint Protection, Sophos Reports"