AgentTesla is a spyware trojan. It comes in malicious attachments to phishing emails. AgentTesla is used by various criminal groups to steal data from infected devices. Data like usernames, passwords, bank account and credit card information can be logged and passed on by AgentTesla to cybercriminals. People whose computers were infected with AgentTesla risk becoming future targets of more sophisticated attacks.
Agenttesla Trojan quicklinks
- How dangerous is AgentTesla?
- How does AgentTesla spread?
- How to remove AgentTesla
- Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
In short about AgentTesla:
| Type of threat | Spyware,
trojan. |
|---|---|
| Dangers posed by AgentTesla | Stolen private information,
stolen money, malware downloaded and installed, hijacked PC settings and hidden system options. |
| How trojans spread | Deceptive emails with malicious file attachments and download links. |
| Removing AgentTesla | Restore control over your computer,
stop AgentTesla from running, scan your computer and remove all malware (with Spyhunter, Malwarebytes, or other programs). |
How dangerous is AgentTesla?
Looking at a few AgentTesla files (link 1, link 2, link 3), we can see that most antivirus programs agree about AgentTesla being malware.
AgentTesla is an infostealer. It can read data saved in browsers and other programs. Passwords, usernames, addresses, payment information, email contacts, and other data that your browser saved for your convenience. In addition, the newest version of AgentTesla can steal Wifi credentials.
And there’s more. Like other infostealers (Vidar, Astaroth, Zeus, Sphinx, and others), AgentTesla records keyboard presses, logs data copied with Ctrl+C, and takes screenshots.
This makes AgentTesla very dangerous. The data it steals can be used for targeted future attacks. Targeted means aimed at a particular person or business. With the data stolen by AgentTesla, criminals have enough information to pick a valuable and vulnerable target and trick them. AgentTesla can be used to help criminals steal money from bank accounts, hijack cryptocurrency transfers, and hack online accounts.
Here’s an example. This post on Talos Blog reveals how a group of criminals used AgentTesla to steal credit card information and then checked how much money each one had.
AgentTesla runs every time the computer starts. It can stop Task Manager (which can be used to quit programs and processes) from opening. It can get rid of the Control Panel (which is used to uninstall programs). It can stop you from opening the command prompt and registry (these can be used to access various settings).
How does AgentTesla spread?
AgentTesla has been around since 2014. It’s always improving as its creator is developing and releasing new data-stealing functionality.
Of course, to perform its spyware functions, AgentTesla needs to make it onto the targeted computers first. Criminals achieve this by attaching the trojan to phishing emails. They craft very convincing emails about shipments that are due to arrive, orders that need to be confirmed, invoices, bills, work documents, and other creative messages that are meant to invoke your curiosity. Even the name of World Health Organization has been abused to smuggle AgentTesla. The emails may be made to look like they come from a local business or even someone you know. They may use a fake sender address, or the sender email account could be hacked. The emails are usually well-designed and look very convincing, but sometimes you do get some spelling errors and such.
Phishing emails always ask you to download a file, check the attached document, or click a link to find out more. That’s what allows the infection to happen. AgentTesla comes as password-protected archives, Office documents with macros, and installer files. It’s up to each criminal using AgentTesla to come up with the most inventive and convincing ways to smuggle it onto computers.
Trojans other than AgentTesla sometimes spread in fake installers that can be downloaded from the internet. But so far, there’s no news of AgentTesla using anything other than deceptive emails. It’s possible, though.
How to remove AgentTesla
AgentTesla does not provide an interface to uninstall it like any normal program does. Indeed, it tries to make removal as difficult as possible.
First, enable Task Manager to fix what AgentTesla did to hide your settings. Then, check our post on how to kill malicious processes – safe mode, command line, etc. Then, you can use an antivirus program to delete malware off of your computer – such as Spyhunter, Malwarebytes, or another trusted program.
After removing AgentTesla and making sure that no malware remains on your device, you may want to change your passwords. That way, even if AgentTesla did steal them, they’ll be useless.
If you suspect that you revealed any banking or finance-related information that could possibly be used to rob you, keep a close eye on your bank accounts and wallets. Immediately dispute charges that you didn’t authorize. You should consult your bank on how to deal with this situation.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,