Agent Tesla Is Out to Steal Your Credentials (and Your Cryptocurrency)


Network security isn’t just for large, high-profile enterprises; even small businesses need to take it seriously. All businesses have something of value to hackers, and if you don’t believe this is the case for your organization, think again. All data is valuable to hackers, and you need to do everything in your power to protect it—especially against threats like Agent Tesla, the latest version of phishing malware designed to steal your data.

Before we dive into what makes Agent Tesla so concerning, let’s discuss phishing on a more broad scale. What is it, and why is it important that you know what it is?

Explaining Phishing Attacks

Not all hackers take a direct approach to infiltrating your systems. Brute force can only get them so far, so they have to resort to sneaky tactics like phishing. A phishing attack aims to convince users to grant a hacker access to a network of their own free will, usually through downloading an infected file, clicking on a suspicious link in an email, or handing over credentials to someone claiming to be tech support or someone of authority within the organization.

Why You Should Care

The scary part of phishing attacks is that you can do everything right in terms of network security and still fall short of protecting your organization. Phishing attacks, when executed properly, have the potential to make it past even the best security solutions. They rely on the human aspect of your organization—your employees—to infiltrate and cause problems for your business. In a sense, your company’s security measures are only as effective as your employees’ knowledge of network security.

Agent Tesla

Agent Tesla as a threat has been around since 2014. The malware uses a keylogger to steal information from infected devices, which it transmits to the hacker behind the attack periodically throughout the day. This gives the hacker access to information like passwords, usernames, and other data that is typed into the system. This new variant of Agent Tesla is notable because it also seeks to steal cryptocurrencies from the user.

Agent Tesla spreads through the use of phishing emails with infected Excel documents attached. One such attack, as evidenced by a report from Fortinet, shows an email with an Excel file sporting the title of “Order Requirements and Specs” attached to it. To the untrained eye, it might appear to be legitimate. If the user downloads the file and opens it, the file runs a macro that downloads Agent Tesla to the device. The specific process, as outlined by Fortinet, involves installing PowerShell files for Agent Tesla, adding several items to the Auto-Run group in the system registry through the use of VBScript code, and finally creating a scheduled task that executes at a designated interval.

Agent Tesla itself is surprisingly accessible, given that it can be purchased on the cheap and the developers offer support to those who do purchase it. This sets the bar pretty low for hackers who want to get started in this deplorable line of work.

What You Can Do

You don’t want to find yourself in a reactive position with your network security. Instead, you should be proactive about it. Your network security against phishing attacks (and all threats in general) should take a two-pronged approach:

  • Implement quality network security solutions to catch the majority of threats before they reach your network.
  • Train your employees to identify threats so that the ones that do get through your defenses do not cause more trouble than they need to.

NuTech Services can help your business do both of the above, implementing powerful enterprise-level security solutions that can keep your company safe and training your employees to keep it that way. To learn more, reach out to us at 810.230.9455.