Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims.

Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware Scan Interface (AMSI) in an attempt to defeat endpoint protection software, it also employs a multi-stage installation process and makes use of Tor and Telegram messaging API to communicate with a command-and-control (C2) server.

Cybersecurity firm Sophos, which observed two versions of Agent Tesla — version 2 and version 3 — currently in the wild, said the changes are yet another sign of Agent Tesla's constant evolution designed to make a sandbox and static analysis more difficult.


"The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more C2 options to their attacker customers," Sophos researchers noted.

A .NET based keylogger and information stealer, Agent Tesla has been deployed in a number of attacks since late 2014, with additional features incorporated over time that allows it to monitor and collect the victim's keyboard input, take screenshots, and exfiltrate credentials belonging to a variety of software such as VPN clients, FTP and email clients, and web browsers.

Last May, during the height of the pandemic, a variant of the malware was found to spread via COVID-themed spam campaigns to steal Wi-Fi passwords alongside other information – such as Outlook email credentials – from target systems.

Then in August 2020, the second version of Agent Malware increased the number of applications targeted for credential theft to 55, the results of which were then transmitted to an attacker-controlled server via SMTP or FTP.

While the use of SMTP to send information to a mail server controlled by the attacker was spotted way back in 2018, one of the new versions identified by Sophos was also found to leverage Tor proxy for HTTP communications and messaging app Telegram's API to relay the information to a private chat room.

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

Supercharge Your Skills

Beside this, Agent Tesla's multi-stage malware installation process has received a significant upgrade, with the first-stage malware downloader now attempting to modify code in AMSI in a bid to skip scans of second-stage malicious payloads fetched from Pastebin (or Hastebin).

This interim payload, which are chunks of obfuscated base64-encoded code, are subsequently decoded to retrieve the loader that's used to inject the Agent Tesla malware.

AMSI is an interface standard that allows applications and services to be integrated with any existing antimalware product that's present on a Windows machine.

Furthermore, to achieve persistence, the malware copies itself to a folder and sets that folder's attributes to "Hidden" and "System" in order to conceal it from view in Windows Explorer, the researchers explained.

"The most widespread delivery method for Agent Tesla is malicious spam," Sophos threat researchers Sean Gallagher and Markel Picado said.

"The email accounts used to spread Agent Tesla are often legitimate accounts that have been compromised. Organizations and individuals should, as always, treat email attachments from unknown senders with caution, and verify attachments before opening them."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.