The old AgentTesla virus has evolved and now manages to bypass antiviruses: here's what it can do and why researchers are worried.
Sophos researchers are sounding the alarm: the old AgentTesla virus has recently been updated, and the new versions are much more dangerous than the one already known. Described as V2 and V3, these new versions of the malware manage to bypass antiviruses.
Because AgentTesla has been known and studied since 2014, ordinary commercial antivirus products and Microsoft Windows Defender (the free antivirus built into Windows 10) normally intercept the malware and block it. That is why the hackers developed the new versions: so that their malicious code can enter the computer and operate undisturbed without being discovered. Since AgentTesla is a very dangerous virus, cybersecurity researchers have warned everyone to beware of the new versions.
New AgentTesla versions, what changes
AgentTesla versions 2 and 3 have been programmed to act on an essential security component of Windows-based PCs: the Microsoft Antimalware Scan Interface (AMSI).
AMSI is a Windows component through which commercial antivirus products talk to the operating system and inspect content before it runs. AgentTesla is now able to tamper with AMSI so that the antivirus is effectively disabled.
This means that the virus can enter the computer and act undisturbed, performing all the dangerous actions for which it was programmed.
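As an added defender-side example (not code from the article or from Sophos), the PowerShell script below checks whether AMSI is actually engaged on a Windows host by calling the AMSI API directly on Microsoft's documented AMSI test sample string; the names Test-AmsiHealth and AmsiNative are my own.

```powershell
# Added example: verify that AMSI is engaged on this host. Not part of the article.
# PowerShell submits this script to AMSI before running it, so on a healthy system
# the literal test sample below normally gets the whole script blocked at load time
# ("This script contains malicious content..."): that block is itself proof that
# AMSI and the antivirus are working. If the script runs and reports NOT detected,
# the antivirus provider is no longer in the loop.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class AmsiNative {
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanString(IntPtr amsiContext, string content,
        string contentName, IntPtr amsiSession, out int result);
    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr amsiContext);
}
'@

function Test-AmsiHealth {
    # Microsoft's documented AMSI test sample: harmless, but every AMSI provider must flag it.
    $sample = 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'
    $AMSI_RESULT_DETECTED = 32768   # any result >= this value means "malware"

    $ctx = [IntPtr]::Zero
    $hr = [AmsiNative]::AmsiInitialize('AmsiHealthCheck', [ref]$ctx)
    if ($hr -ne 0) { throw ('AmsiInitialize failed, HRESULT 0x{0:X8}' -f $hr) }
    try {
        $result = 0
        $hr = [AmsiNative]::AmsiScanString($ctx, $sample, 'health-check', [IntPtr]::Zero, [ref]$result)
        if ($hr -ne 0) { throw ('AmsiScanString failed, HRESULT 0x{0:X8}' -f $hr) }
        $healthy = ($result -ge $AMSI_RESULT_DETECTED)
        $verdict = if ($healthy) { 'AMSI provider detected the test sample' }
                   else { 'Test sample NOT detected: AMSI is bypassed, disabled or has no provider' }
        [pscustomobject]@{ AmsiResult = $result; Healthy = $healthy; Verdict = $verdict }
    } finally {
        [AmsiNative]::AmsiUninitialize($ctx)
    }
}

Test-AmsiHealth | Format-List
```

Run it from an elevated or normal PowerShell session on the host you want to check; a script that is refused at load time, or one that reports Healthy = True, both mean AMSI is doing its job.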
AgentTesla: Why it is dangerous
AgentTesla is a RAT (Remote Access Trojan) that acts as an infostealer. In simple words, it is a remotely controlled virus that steals information from the infected computer.
The malware can record what you type on the keyboard, read data from the hard disk, take screenshots, steal access credentials to websites (including online banks), and much more.
New features recently added to this virus include the ability to connect to command-and-control servers hidden in the Tor network.