Agent Tesla Trojan 'Kneecaps' Microsoft's Anti-Malware Interface (Security News, February 2021)
Researchers have identified new versions of the Agent Tesla remote access trojan that target the Windows anti-malware interface used by security vendors to protect PCs from attacks.
The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.
This is not a new tactic, with Agent Tesla previously turning to a legitimate Pastebin-like web service for downloading malware.
"This kneecaps AMSI-enabled endpoint protection software, by essentially making them skip further AMSI scans for dynamically loaded assemblies within the Agent Tesla process," said researchers.
While the Windows-targeting Agent Tesla remote access trojan has been active for over seven years, researchers said that they have continued to see new variants of the malware in a growing number of attacks over the past 10 months, a larger share than the infamous TrickBot or Emotet malware, for instance.
In December 2020, Agent Tesla accounted for 20 percent of malware email attachments detected in the researchers' telemetry.
News URL
https://threatpost.com/agent-tesla-microsoft-asmi/163581/
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks
- GitHub comments abused to push malware via Microsoft repo URLs
- New Latrodectus malware attacks use Microsoft, Cloudflare themes
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks