Agent Tesla’s malware variants now use new techniques to defeat endpoint antivirus protection.
On Tuesday, Sophos researchers said that two new variants of the RAT (Remote Access Trojan) target the Microsoft Antimalware Scan Interface (AMSI), the Windows interface through which applications and scripting engines hand scripts and other content to the installed anti-malware product for scanning, so that malicious content can be blocked before it runs.
Agent Tesla’s operators now attempt to tamper with AMSI so that endpoint protection is blinded at execution time. If the tampering succeeds, the malware can go on to deploy its full payload.
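Because AMSI tampering happens at execution time, one defensive signal is a script that names AMSI internals a normal script never touches. The following detector, added here as an example and not taken from the article or the Sophos research, scans the text of PowerShell script-block log records (the body of Windows event 4104) for such references. The indicator list is an assumption drawn from commonly published AMSI-tampering detections, and the log records are constructed for the demonstration.

```python
"""
Added example, not code from the article or from Sophos: flag PowerShell
script-block log records that reference AMSI internals.

Assumptions: the indicator tokens below follow commonly published
AMSI-tampering detections; the sample 4104 records are constructed.
"""
import re

# Tokens that legitimate scripts have no reason to name. A hit means
# "review this record", not "this is malware": an inventory script that
# lists amsi.dll will also trigger, which is why triage() only flags.
AMSI_INDICATORS = [
    r"AmsiUtils",        # internal .NET class holding AMSI state
    r"amsiInitFailed",   # internal AMSI state field
    r"AmsiScanBuffer",   # the exported scan entry point
    r"amsi\.dll",        # direct reference to the library itself
]
# PowerShell identifiers are case-insensitive, so match that way too.
INDICATOR_RE = re.compile("|".join(AMSI_INDICATORS), re.IGNORECASE)

# Obfuscated scripts often split a word across string concatenations
# ('Am' + 'si'), so collapse that noise before matching.
CONCAT_NOISE_RE = re.compile(r"['\"]\s*\+\s*['\"]")


def normalise(script):
    """Remove simple quote-plus-quote concatenation seams."""
    return CONCAT_NOISE_RE.sub("", script)


def find_amsi_indicators(script):
    """Return the distinct AMSI-related tokens (lower-cased) in one script block."""
    hits = {m.group(0).lower() for m in INDICATOR_RE.finditer(normalise(script))}
    return sorted(hits)


def triage(records):
    """records: iterable of (record_id, script_text).

    Returns a list of (record_id, hits) for records that warrant review.
    """
    flagged = []
    for rec_id, text in records:
        hits = find_amsi_indicators(text)
        if hits:
            flagged.append((rec_id, hits))
    return flagged


# Constructed script-block contents standing in for real 4104 records.
SAMPLE_RECORDS = [
    ("4104-0001", "Get-ChildItem C:\\Users | Where-Object { $_.PSIsContainer }"),
    ("4104-0002", "Get-Item C:\\Windows\\System32\\amsi.dll | Select-Object VersionInfo"),
    ("4104-0003", "$f = 'amsiInit' + 'Failed'; Write-Host $f"),
    ("4104-0004", "Invoke-WebRequest https://example.invalid/update.ps1"),
]

if __name__ == "__main__":
    for rec_id, hits in triage(SAMPLE_RECORDS):
        print("%s: review, references %s" % (rec_id, ", ".join(hits)))
```

Run on the constructed records, records 0002 and 0003 are flagged and the two benign ones pass. The second hit is a benign inventory command, which is the point of emitting review items rather than verdicts: the detector surfaces candidates, and an analyst (or a second, stricter rule) decides. Script-block logging has to be enabled for these records to exist at all, so that setting is the prerequisite for this detection.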
First discovered in 2014, Agent Tesla is a commercial RAT written in .NET that functions as an information stealer. Commonly distributed through phishing campaigns and malicious email attachments, the malware is used to harvest account credentials, steal system data, and give attackers remote access to a compromised PC.