- Aug 17, 2014
Researchers have identified new versions of the Agent Tesla remote access trojan (RAT) that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.
Chief among the updates is that the malware now targets Microsoft's Antimalware Scan Interface (AMSI) in order to avoid detection. AMSI allows applications and services to integrate with whatever antimalware product is present on a machine. The malware also now has the added capability of deploying a Tor client to conceal its communications, as well as using the Telegram chat application to exfiltrate data.
All of these changes make sandbox analysis, static analysis and endpoint detection of the malware more difficult, researchers warned.
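Because AMSI sits between script hosts and the installed antimalware engine, a defender's first question on a suspect host is whether AMSI still answers honestly. The PowerShell below is an added example written for this article, not code from Sophos or from the malware analysis: it calls the real `AmsiInitialize`/`AmsiScanString` exports of `amsi.dll` through P/Invoke and submits Microsoft's documented AMSI test string (the string is assumed here from Microsoft's AMSI documentation; the function name `Test-AmsiHealth` and the `AmsiNative` class are this example's own). It assumes a Windows 10 or later host with a registered AMSI provider such as Microsoft Defender.

```powershell
# Added example (not from the article or Sophos): verify that AMSI on this
# host still flags a known test string. Assumes amsi.dll (Windows 10+) and a
# registered AMSI provider such as Microsoft Defender.
$signatures = @"
using System;
using System.Runtime.InteropServices;
public static class AmsiNative {
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);

    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr amsiContext);

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanString(IntPtr amsiContext, string content,
        string contentName, IntPtr amsiSession, out int result);
}
"@
Add-Type -TypeDefinition $signatures

# AMSI_RESULT values from amsi.h: 0 = clean, 1 = not detected,
# 0x4000-0x4FFF = blocked by admin policy, anything >= 32768 = detected.
$AMSI_RESULT_DETECTED = 32768

function Test-AmsiHealth {
    $ctx = [IntPtr]::Zero
    $hr = [AmsiNative]::AmsiInitialize("AmsiHealthCheck", [ref]$ctx)
    if ($hr -ne 0) { throw "AmsiInitialize failed with HRESULT 0x$($hr.ToString('X8'))" }
    try {
        # Microsoft-documented AMSI test string (assumed from the AMSI docs);
        # a healthy provider reports it as detected although it is harmless.
        $sample = 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'
        $result = 0
        $hr = [AmsiNative]::AmsiScanString($ctx, $sample, "AmsiHealthCheck.ps1",
                                           [IntPtr]::Zero, [ref]$result)
        if ($hr -ne 0) { throw "AmsiScanString failed with HRESULT 0x$($hr.ToString('X8'))" }
        [pscustomobject]@{
            AmsiResult = $result
            Detected   = ($result -ge $AMSI_RESULT_DETECTED)
        }
    } finally {
        [AmsiNative]::AmsiUninitialize($ctx)
    }
}

$health = Test-AmsiHealth
if ($health.Detected) {
    "AMSI healthy: provider flagged the test sample (result $($health.AmsiResult))."
} else {
    # A clean verdict on the test sample is the red flag: the provider is
    # missing, disabled, or AMSI has been tampered with on this host.
    Write-Warning "AMSI returned $($health.AmsiResult) for the test sample; investigate this host."
}
```

Two practical notes: the test string is itself a detection signature, so a working AMSI provider may refuse to let PowerShell run this script at all, which is the same positive answer delivered one step earlier; and a host where the scan returns 0 or 1 for the sample while the AV product claims to be running deserves the same triage as a host with no AV, since that is exactly the outcome a RAT that interferes with AMSI is after.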
“Agent Tesla remains a consistent threat—for many months, it has remained among the top families of malware in malicious attachments caught by Sophos,” said Sophos researchers on Tuesday. “Because of this sustained stream of Agent Tesla attacks, we believe that the malware will continue to be updated and modified by its developers to evade endpoint and email protection tools.”
Agent Tesla Trojan 'Kneecaps' Microsoft's Anti-Malware Interface
A new version of the Agent Tesla RAT can 'kneecap' endpoint protection software that relies on Microsoft AMSI.