Persistent Agent Tesla RAT Continues to Evolve
NJCCIC Alert
Original Release Date: 8/13/2020
Summary
Agent Tesla, an advanced remote access trojan (RAT), remains persistent and shows an upward trend as an information stealer and keylogger. The NJCCIC continues to observe multiple campaigns claiming to be shipping notifications, purchase orders, and invoices attempting to steal credentials or download malware. The emails contain PDF and ISO/IMG attachments with embedded executables or URLs that link to a download which, if executed, will install and run Agent Tesla. Furthermore, a new variant of Agent Tesla has the capability of harvesting configuration data and/or credentials from common VPN clients, FTP and email clients, and web browsers as well as registry and configuration files.
Recommendations
The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to avoid clicking links or opening attachments in response to emails from unknown senders and exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.