Skip to main content

A popular malware variant has learned to swipe passwords from browsers and VPNs

(Image credit: Pixabay)

As if we don't have enough things to worry about these days, there is a brand new version of a popular malware strain that has learned some new and concerning tricks. Specifically, it can harvest login credentials from an assortment of common software, including web browsers like Chrome and Firefox, VPN services, email clients, and more.

It can even yank credentials from the registry, according to Jim Walter, a senior threat researcher at SentinelOne (via Bleeping Computer). Called 'Agent Tesla', the original version was first discovered six years ago and security researchers are now observing "steady growth" in its use over the last year or so.

"The malware was initially sold in various underground forums and marketplaces, as well as it’s very own AgentTesla.com site (now defunct)  Agent Tesla, like many of its contemporaries, offered both the malware itself as well a management panel for administration and data collection and management. Information harvested from infected devices quickly becomes available for the attacker via the panel interface," Sentinel Labs explains.

Part of the appeal of these malware strains is the cheap pricing. When it first hit the scene, Agent Tesla could be found in packages costing $12 per month, $25 for three months, or $35 for six months.

Fortunately, Agent Tesla is not all that sophisticated in its delivery. Like many types of malware, it primarily spreads through phishing campaigns. More recently, it's been found in emails purporting to offer Covid-19 updates from the World Health Organization. It's also been injected into specially crafted Office documents.

Perfect peripherals

(Image credit: Colorwave)

Best gaming mouse: the top rodents for gaming
Best gaming keyboard: your PC's best friend...
Best gaming headset: don't ignore in-game audio

In addition to stealing login credentials from various legitimate software, Agent Tesla is also a keylogger. In fact, installing a keylogger is one of the first things it does after infecting a system. It can also steal Wi-Fi passwords.

As is usually the case with these things, smart computing habits are your best defense. Such as not clicking on links in emails willy-nilly, especially unexpected emails, and be wary of email attachments.

For AV chores, these days I mainly rely on Windows 10's built-in Defender software. However, if you're looking for a third-party solution with perhaps more bells and whistles, check out our roundup of the best antivirus for PC gaming.

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).