AgentTesla Old RAT New Tricks
AgentTesla is a remote access trojan and information stealer that has evolved over the 6 years since it was first identified. The most recent campaign includes modules that allow the malware operator to compromise machine configuration data and steal passwords from commonly used software such as FTP, web browser, VPN and email clients. AgentTesla is considered commodity malware because variants of it can be bought openly. For those with access to the malware and the ability to include different payload modules, it has been a very attractive alternative to more sophisticated and unique malware families. McAfee’s research teams will continue to monitor AgentTesla activity, update their findings, and disseminate information that is deemed appropriate regarding the malware and suspected victims.