There have been recent changes to the Agent Tesla family of Remote Access Trojan (RAT) malware. Many cybercriminals have used this malware to steal user credentials and other sensitive information, and it continues to evolve into something more dangerous. According to Sophos, the set of applications targeted by the malware has now grown to include web browsers, email clients, VPN clients, and other software that stores usernames and passwords.
As of December, Agent Tesla accounted for 20 percent of malicious email attachments. This conclusion came to light as SophosLabs tracked multiple threat actors that use the malware.
SophosLabs has identified two currently active versions of Agent Tesla: version 2 and version 3. Both versions can communicate over HTTP, SMTP, and FTP; version 3 additionally supports the Telegram chat protocol, which lets attackers retrieve stolen data and store it in a private Telegram chat room.
In addition, attackers can choose whether to deploy a Tor client, which helps conceal their communications. Agent Tesla version 3 can also steal further data from the Windows system clipboard.
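As an added, defender-side illustration (not part of the Sophos report or this article), the Python script below scans constructed network-connection log lines for the channels named above: SMTP or FTP connections from processes that are not mail or file-transfer clients, any non-browser, non-messenger process reaching the Telegram API, and connections to default Tor ports. The log format, process allow-lists and port numbers are assumptions to be tuned per environment.

```python
# Added example: flag connection events matching the exfiltration channels the
# article attributes to Agent Tesla (HTTP/SMTP/FTP, Telegram, optional Tor).
# Log lines, process names and port choices are constructed/assumed.
import re

SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21}
TOR_PORTS = {9001, 9030, 9050, 9150}        # common Tor defaults (assumption)
TELEGRAM_HOST = "api.telegram.org"
# Processes expected to use each channel (assumption; tune for your estate).
EXPECTED_SMTP = {"outlook.exe", "thunderbird.exe"}
EXPECTED_FTP = {"filezilla.exe", "winscp.exe"}
EXPECTED_TELEGRAM = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Assumed log shape: "<timestamp> proc=<image> dst=<host>:<port>"
LINE_RE = re.compile(r"proc=(?P<proc>\S+)\s+dst=(?P<host>\S+):(?P<port>\d+)")

def classify(line):
    """Return a reason string if the event matches a suspicious pattern, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proc, host, port = m["proc"].lower(), m["host"].lower(), int(m["port"])
    if host.endswith(TELEGRAM_HOST) and proc not in EXPECTED_TELEGRAM:
        return f"{proc} contacting Telegram API"
    if port in SMTP_PORTS and proc not in EXPECTED_SMTP:
        return f"{proc} opening SMTP connection on port {port}"
    if port in FTP_PORTS and proc not in EXPECTED_FTP:
        return f"{proc} opening FTP connection"
    if port in TOR_PORTS:
        return f"{proc} connecting to Tor default port {port}"
    return None

def find_suspicious(lines):
    """Return (index, reason) pairs for every line classify() flags."""
    return [(i, r) for i, line in enumerate(lines) if (r := classify(line))]

# Constructed sample log; only lines 1, 3, 4 and 5 should be flagged.
SAMPLE_LOG = [
    "2021-02-03T10:00:01 proc=outlook.exe dst=smtp.example.com:587",
    "2021-02-03T10:00:05 proc=winword.exe dst=api.telegram.org:443",
    "2021-02-03T10:00:09 proc=chrome.exe dst=api.telegram.org:443",
    "2021-02-03T10:00:12 proc=updater.exe dst=mail.example.net:587",
    "2021-02-03T10:00:15 proc=updater.exe dst=198.51.100.7:21",
    "2021-02-03T10:00:20 proc=updater.exe dst=203.0.113.9:9001",
    "2021-02-03T10:00:25 proc=filezilla.exe dst=ftp.example.org:21",
]

if __name__ == "__main__":
    for idx, reason in find_suspicious(SAMPLE_LOG):
        print(f"line {idx}: {reason}")
```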
The most common delivery method for Agent Tesla, however, remains malicious spam email. If you receive an email from an unknown sender, treat its attachments with caution. Sophos recommends verifying the integrity of attachments and files before opening them. It's better to be safe than sorry.