What is AgentTesla?
AgentTesla (S0331) is an infostealer designed to steal sensitive information, including login credentials and credit card numbers. Typically spread through phishing emails, it collects data via keystroke logging, screenshots, and theft of saved passwords.
A key feature of AgentTesla is that it encrypts its communications with its command-and-control (C2) server, which helps it evade detection and makes its traffic harder for security tools to analyze. It can also download and install additional malware.
How to Defend Against AgentTesla?
Defending against AgentTesla requires a focus on preventing its initial delivery and detecting its malicious activities.
- Be cautious when opening email attachments and clicking on links, as phishing is a primary delivery vector.
- Keep all operating systems and software patched to limit vulnerabilities that can be exploited for initial access.
- Deploy endpoint detection and antivirus to identify and block the malware’s execution and its keylogger functions.
- Use network detection and response (NDR) with integrated threat intelligence to spot and block the exfiltration of stolen data.
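The last two points above, detecting the malware's activity on the endpoint and spotting exfiltration on the network, can be illustrated with a small detection routine. The following Python script is an added example written for this page; it is not part of the original entry and not code from any product. It reads constructed outbound-connection records (timestamp, host, process, destination, port, bytes sent), matches destinations against a constructed threat-intelligence list (placeholder `.invalid` domains and the 203.0.113.0/24 documentation range, not real indicators), and additionally flags mail or FTP ports being used by a process that is not an expected mail or FTP client. The log format, process names and indicator values are all assumptions for the example.

```python
"""Flag outbound flows that match threat-intel indicators or that show an
unexpected process sending data over mail/FTP ports.

Added example for illustration; all indicators and log lines are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed threat-intel feed (placeholders, not real indicators).
TI_DOMAINS = {"mail.example-c2.invalid", "ftp.example-c2.invalid"}
TI_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3 documentation range

# Ports commonly used to ship stolen data out, and the processes we expect
# to see on them. Any other process on these ports is worth a look.
EXFIL_PORTS = {21, 25, 587}
EXPECTED_PROCESSES = {"outlook.exe", "thunderbird.exe", "filezilla.exe"}


@dataclass
class Flow:
    ts: str
    host: str
    process: str
    dst: str       # domain name or IP address
    port: int
    bytes_out: int


def parse_line(line: str) -> Flow:
    """Parse one constructed record: ts host process dst port bytes_out."""
    ts, host, process, dst, port, bytes_out = line.split()
    return Flow(ts, host, process.lower(), dst.lower(), int(port), int(bytes_out))


def in_threat_intel(dst: str) -> bool:
    """True if the destination is a listed domain or falls in a listed network."""
    if dst in TI_DOMAINS:
        return True
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return False          # a hostname that is not on the domain list
    return any(ip in net for net in TI_NETWORKS)


def evaluate(flow: Flow) -> list[str]:
    """Return the reasons this flow should be alerted on (empty if none)."""
    reasons = []
    if in_threat_intel(flow.dst):
        reasons.append("destination matches threat-intel indicator")
    if flow.port in EXFIL_PORTS and flow.process not in EXPECTED_PROCESSES:
        reasons.append(f"unexpected process {flow.process} sending on port {flow.port}")
    return reasons


def scan(lines) -> list[tuple[str, str, str, list[str]]]:
    """Run every record through evaluate(); return (host, process, dst, reasons)."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_line(line)
        reasons = evaluate(flow)
        if reasons:
            alerts.append((flow.host, flow.process, flow.dst, reasons))
    return alerts


# Constructed sample log: two benign flows and three that should alert.
SAMPLE_LOG = """
2024-05-01T09:12:03Z ws01 outlook.exe mail.corp.example 587 4200
2024-05-01T09:13:10Z ws01 unknown_app.exe mail.example-c2.invalid 587 9800
2024-05-01T09:14:22Z ws02 chrome.exe 203.0.113.45 443 1200
2024-05-01T09:15:05Z ws03 winword.exe 198.51.100.7 21 75000
2024-05-01T09:16:40Z ws02 filezilla.exe files.corp.example 21 50000
"""

if __name__ == "__main__":
    for host, proc, dst, reasons in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT {host} {proc} -> {dst}: {'; '.join(reasons)}")
```

The two checks complement each other: the indicator match catches a known bad destination regardless of which process talks to it, while the port/process rule catches data leaving over a mail or FTP channel from a process that has no business using one, even when the destination is not yet on any list. In a real deployment the indicator set would come from the NDR platform's threat-intelligence feed and the expected-process list from an inventory of sanctioned mail and file-transfer clients.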