Agent Tesla.

A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments. Относится к категории Вредоносное ПО в кибербезопасности.

A .NET-based remote access trojan and information stealer active since 2014, sold openly as a commercial product and distributed primarily through phishing emails carrying malicious Office documents and archive attachments.

Agent Tesla is a .NET-based info-stealer and remote-access trojan that has been continuously active since 2014, sold openly as a 'monitoring' product on its own clearnet site and through reseller channels. It exists in dozens of slightly different versions because affiliates routinely repack the binary. Capabilities include keystroke logging, clipboard capture, screenshot capture, webcam access, theft of browser passwords and cookies, mail client credentials (Outlook, Thunderbird, FoxMail), VPN client credentials, FTP credentials, and exfiltration over SMTP, FTP, HTTP, or Telegram bots. The dominant infection vector is phishing email: lure documents embed Equation Editor (CVE-2017-11882, CVE-2018-0802) exploits or contain malicious archive attachments delivering a loader stage. Agent Tesla is one of the longest-running commodity stealers and routinely tops monthly malware ranking reports from anti-spam vendors, especially in business-email-compromise-adjacent campaigns. Defenses include disabling Office Equation Editor, attachment-detonation sandboxes, and EDR detections on the common loader behaviors (process hollowing into RegSvcs.exe, AspNetCompiler.exe).

Защита от Agent Tesla обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: AgentTesla, OriginLogger (rebrand).