If I were to write an action movie based on Elon Musk, I'd probably change his name to Agent Tesla. However, impeding my Hollywood blockbuster is the fact that the Agent Tesla name has already been taken.
Strangely, it hasn't been taken by a 'who', it's been taken by a 'what'. Agent Tesla is in fact the name of a Trojan that is wreaking havoc in the digital space. What makes this particular Trojan so peculiar is that it's hidden in plain sight. The developers market it on the dedicated Agent Tesla website as a software “for monitoring your personel [sic] computer”, emphasising the fact that it is "not a malware".
Despite these claims, you should make no mistake: Agent Tesla is indeed a spyware that has been rife for years. However, the proprietors continue to say that anyone using it with ill-intent will have their licence revoked. In fact, they even suspended sales at one point after claiming to ban accounts using it maliciously, introducing new measures to ensure it doesn't happen again. Hmmm.
The attempt to pull the wool over expert eyes has been unsuccessful: the cybersecurity industry has an in-depth understanding of this threat type. In particular, Agent Tesla is a password-stealing software that has been active since 2014. Marketed as a key logger for personal use, it is this very feature that malicious actors use in their hacking endeavours. It can also steal clipboard data, capture videos and pictures through the camera, and steal information from forms.
It's an especially popular software among the hacker community because it's so easy to use. What's more, it actually comes with support staff that share advice on its illicit use. Way to be subtle!
What does it matter right now?
Agent Tesla is already on the rise given its ease of use. However, following the coronavirus outbreak, there has been a spike in phishing attacks. 'How are phishing attacks relevant to a virus?', you might ask. Well, the World Health Organization has issued a warning after becoming aware of suspicious emails. In said emails, malicious actors are impersonating the organisation to capitalise on the outbreak.
Many of these actors are using Agent Tesla to carry out these attacks. In particular, the emails offer information from the "WHO" (not) or may try to entice readers with a supposed cure. Understandably, people will then follow the steps as the attack suggests and unknowingly hand their private information over.
In any case, Agent Tesla is difficult to spot – in fact, detection as a whole is considered to be futile. Instead, organisations and individuals alike would do well to exercise complete caution when clicking on links and opening attachments. As well as this, it's best to ensure that all devices are always running the most up-to-date version of their antivirus software. In other words: vigilance, vigilance, vigilance!