Agent Tesla Remote Access Trojan

Overview

Agent Tesla is a Remote Access Trojan (RAT) and has been available for purchase on hacker forums since 2014. It is designed to record keystrokes and steal confidential bank card data. The malware has a range of functionalities, including extracting data from infected hosts, stealing passwords from applications and browsers, as well as downloading and launching applications on the target systems.

Agent Tesla is sold on underground forums in three different renditions – Bronze, Silver, Gold at the average price of $9, $20, and $30 respectively. It is written in .NET, supports all Windows versions and is routinely spread through phishing campaigns but has also been known to be distributed via USB.

Intelligence gathering has revealed that Agent Tesla has operated at a high level since October 2023 and has demonstrated a consistent increase within Q1 2024.

Impact

The impact of Agent Tesla is multifaceted and significant, extending from individual victims to organisations worldwide. As a sophisticated piece of malware, it enables cybercriminals to engage in a variety of malicious activities that can have both immediate and long-term repercussions.

Incident Detection

Incident detection of Agent Tesla involves identifying the presence of this sophisticated Trojan malware within a network or on individual systems. Given Agent Tesla’s multifunctional capabilities, including keystroke logging, information theft, and system manipulation, its detection requires a multifaceted approach that leverages both signature-based and behaviour-based detection mechanisms.