New variants of ‘Agent Tesla’, an information-stealing malware, are now capable of stealing WiFi passwords from infected devices. Attackers can later use these passwords to extend the infection or to compromise the devices and network further.
According to a report from the Malwarebytes Threat Intelligence team, the creator of this malware collects the passwords from devices using a netsh command with a wlan show profile argument to list all the WiFi passwords stored on the infected device. Once the malware discovers the SSIDs, the Agent Tesla info-stealer executes the netsh command again, adding the SSID and a key=clear argument, to extract the password for each user profile.
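An added example, not code from the Malwarebytes report or from this article: a Python detector that flags the netsh sequence described above in process-creation command lines, such as those recorded by command-line process auditing. The event tuple layout (parent_pid, parent_image, cmdline), the function names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# "netsh", "netsh.exe" or a full path to it, followed by "wlan show profile(s)".
NETSH_WLAN = re.compile(
    r'(?:^|[\\/"\s])netsh(?:\.exe)?"?\s+wlan\s+show\s+profiles?\b(.*)$', re.I)
KEY_CLEAR = re.compile(r'\bkey\s*=\s*"?clear"?', re.I)

def classify(cmdline):
    """Return 'dump_key', 'enumerate' or None for one process command line."""
    m = NETSH_WLAN.search(cmdline)
    if not m:
        return None
    return "dump_key" if KEY_CLEAR.search(m.group(1)) else "enumerate"

def detect(events):
    """Return one finding per parent process that asked for a clear-text key."""
    seen = defaultdict(lambda: {"image": None, "enumerate": 0, "dump_key": 0})
    for ppid, image, cmdline in events:
        kind = classify(cmdline)
        if kind:
            seen[ppid]["image"] = image
            seen[ppid][kind] += 1
    findings = []
    for ppid, s in seen.items():
        if not s["dump_key"]:
            continue  # listing profiles alone is ordinary admin activity
        # Listing then dumping from one parent is the sequence described above.
        findings.append({"parent_pid": ppid, "parent_image": s["image"],
                         "profiles_dumped": s["dump_key"],
                         "severity": "high" if s["enumerate"] else "medium"})
    return findings

# Constructed (parent_pid, parent_image, cmdline) events, not from a real incident.
SAMPLE_EVENTS = [
    (4312, r"C:\Users\bob\AppData\Local\Temp\invoice.exe", "netsh wlan show profile"),
    (4312, r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     'netsh wlan show profile name="HomeNet" key=clear'),
    (4312, r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     'netsh wlan show profile name="CoffeeShop" key=clear'),
    (900, r"C:\Windows\System32\cmd.exe", "netsh wlan show profiles"),
    (900, r"C:\Windows\System32\cmd.exe", "netsh wlan show interfaces"),
    (1500, r"C:\Windows\System32\cmd.exe",
     r'C:\Windows\System32\netsh.exe WLAN SHOW PROFILE "Office" KEY=CLEAR'),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The parent image is kept in each finding because a key=clear request launched from a user-writable path deserves more attention than one typed by an administrator at a console.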
Along with the passwords, the malware also steals data from FTP clients, file downloaders, browsers, RAM, CPU architecture, device details and more.
Along with Agent Tesla, the Emotet Trojan has also been upgraded to spread to nearby WiFi networks from the infected device. Researchers at Binary Defense discovered the upgraded Emotet malware, which is further capable of acting as a worm module that spreads via networks.
With its new focus on this WiFi spreader module, the Emotet gang is on a straight path to developing a highly capable and perilous WiFi worm module that will show up more and more often as it is actively used in the wild. This upgraded version of Emotet can be hazardous, as it can cause destruction to networks.
It should also be noted that ‘Agent Tesla’ is publicly and commercially available, with keylogging and remote access Trojan (RAT) abilities, and has been present since 2014.
This malware was distributed through spam campaigns in different formats like ZIP, MSI, IMG and more. Furthermore, it is also popular with BEC scammers, who use it to take screenshots and record keystrokes. Worst of all, this malware is capable of shutting down antivirus and other endpoint security solutions.
Users should be careful when opening emails and clicking the hyperlinks in them, as most of it is deployed through phishing. It is good to avoid downloading attachments from an unknown sender.
Moreover, Emotet and Agent Tesla are in first and second place in the ‘Top 10 most prevalent threats’, according to a malware analysis report from Any.Run.