
This malware abuses Tor and Telegram infrastructure to evade detection


For more than seven years, the Agent Tesla family of remote access trojan (RAT) malware has remained one of the most common threats to Windows users online as it is continually updated by its creators.

A variety of cybercriminals leverage the malware to steal user credentials and other information through screenshots, keylogging and clipboard capture. However, because Agent Tesla's builder hard-codes operator-specific variables into each sample when it is built, the malware's behavior can vary widely from one campaign to the next as it continues to evolve.

According to Sophos, recent changes to the malware increased the number of applications targeted for credential theft to include web browsers, email clients, VPN clients and other software that stores usernames and passwords.

SophosLabs has tracked multiple threat actors using Agent Tesla and as of December of last year, it accounted for 20 percent of malicious email attachments detected in the company's customer telemetry.

Agent Tesla v3

In its new report on Agent Tesla, Sophos sheds further light on two currently active versions of the malware identified as version 2 and version 3 to show how the RAT has evolved by using multiple types of defense evasion and obfuscation to avoid detection.

While both versions of the malware can be configured to communicate over HTTP, SMTP and FTP, version 3 adds the Telegram chat protocol as an option so that attackers can exfiltrate stolen data to a private Telegram chat room.

At the same time, Agent Tesla v3 also lets an attacker decide whether to deploy a Tor client to conceal the malware's communications, and this version can even steal the contents of the Windows system clipboard.
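From a detection standpoint, the channels described above (HTTP, SMTP, FTP, the Telegram Bot API, and optionally Tor) are what an endpoint or network log would actually show. The following is an added example, not code from the article or from Sophos: a small detection pass over endpoint network-connection events that flags those channels when they are used by a process that has no business using them. The log format, the sample events, the process allowlists and the choice of Tor relay ports as a heuristic are all assumptions made for this demo; only api.telegram.org (Telegram's Bot API host) and the standard SMTP/FTP ports are real values.

```python
"""Flag exfiltration channels associated with Agent Tesla v3 in endpoint
connection logs (added example; log format and allowlists are assumed)."""
from dataclasses import dataclass

# Real host of Telegram's Bot API, which bots use to post messages to chats.
TELEGRAM_API_HOST = "api.telegram.org"

# Assumed allowlists: which processes are expected to use each channel.
MESSAGING_CLIENTS = {"telegram.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
FTP_CLIENTS = {"filezilla.exe", "winscp.exe"}

# Standard submission/relay ports for SMTP and the FTP control port.
SMTP_PORTS = {25, 465, 587}
FTP_PORT = 21
# Tor's default ORPort/DirPort. Relays also commonly listen on 443, so this
# is only a weak heuristic; a relay-IP list would be the stronger indicator.
TOR_RELAY_PORTS = {9001, 9030}


@dataclass
class ConnEvent:
    ts: str
    process: str
    dest_host: str
    dest_port: int


def parse_line(line: str) -> ConnEvent:
    """Parse one constructed log line: ts|process|dest_host|dest_port."""
    ts, process, host, port = line.strip().split("|")
    return ConnEvent(ts, process.lower(), host.lower(), int(port))


def classify(ev: ConnEvent):
    """Return a finding label for a suspicious event, or None."""
    if ev.dest_host == TELEGRAM_API_HOST and ev.process not in MESSAGING_CLIENTS:
        return "telegram-api-from-unexpected-process"
    if ev.dest_port in SMTP_PORTS and ev.process not in MAIL_CLIENTS:
        return "direct-smtp-from-unexpected-process"
    if ev.dest_port == FTP_PORT and ev.process not in FTP_CLIENTS:
        return "ftp-from-unexpected-process"
    if ev.dest_port in TOR_RELAY_PORTS:
        return "possible-tor-relay-connection"
    return None


def scan(lines):
    """Run classify() over log lines; return (ts, process, host, port, label) tuples."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        label = classify(ev)
        if label is not None:
            findings.append((ev.ts, ev.process, ev.dest_host, ev.dest_port, label))
    return findings


# Constructed sample events. "invoice_viewer.exe" is a made-up process name
# standing in for a dropped payload; 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
2021-02-02T10:01:00|chrome.exe|www.example.com|443
2021-02-02T10:02:10|invoice_viewer.exe|api.telegram.org|443
2021-02-02T10:02:15|invoice_viewer.exe|smtp.example.net|587
2021-02-02T10:03:00|outlook.exe|smtp.example.net|587
2021-02-02T10:04:00|invoice_viewer.exe|203.0.113.7|9001
2021-02-02T10:05:00|telegram.exe|api.telegram.org|443
2021-02-02T10:06:00|invoice_viewer.exe|ftp.example.org|21
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(*finding)
```

The allowlist approach is the point: a legitimate Telegram desktop client or mail client talking to these endpoints is normal, while an Office document's child process or an unknown binary doing so is the pattern worth an alert. The Tor check is deliberately labelled a weak heuristic; in production it would be backed by a relay-IP feed rather than port numbers alone.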

As malicious spam is the most common delivery method for Agent Tesla, Sophos recommends that organizations and individuals treat email attachments from unknown senders with caution and verify the integrity of attachments before opening them.

Date

02 Feb 2021

Other Blog

  • Hackers target biomanufacturing facilities using the Tardigrade malware

    Biomanufacturing facilities in the US are being actively targeted by an unknown hacking group leveraging a new malware strain.

    In a new threat advisory, the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) revealed that the first attack believed to be launched using this new malware dubbed “Tardigrade” occurred in the spring of this year. At that time, Tardigrade was used in a cyberattack on a large biomanufacturing facility though a second facility was hit using the same malware just last month.

    According to BIO-ISAC, both biomanufacturing sites and their partners are “encouraged to assume that they are targets” and should take the necessary steps to review their security and response postures.

    Tardigrade malware

    As reported by SiliconANGLE, Tardigrade is primarily used for espionage though the malware also causes other issues on the systems it infects including network outages.

    In a separate report, Wired noted that these recent attacks may be linked to Covid-19 research as the pandemic has shown just how important biomanufacturing research is when developing vaccines and other medicines.

    The origins of the code used in Tardigrade are also up for debate: BIO-ISAC believes the malware is based on Smoke Loader, while security researchers who spoke with Bleeping Computer claim it is a form of the Cobalt Strike HTTP beacon rather than an entirely new malware strain.

    Due to Tardigrade's advanced characteristics, the malware could have been developed by an advanced threat group or even by a nation-state intelligence service.

    Regardless of its origin, Tardigrade is quite dangerous and we'll likely find out more regarding this new malware as security researchers and even government agencies delve deeper into its code in an attempt to discover its true origins.


    Via SiliconANGLE
