New-look malware can steal passwords from VPN software and web browsers


Security researchers have discovered new variants of the Agent Tesla malware that now include modules capable of stealing credentials from many popular apps including web browsers, VPN software and FTP and email clients.

First discovered back in 2014, Agent Tesla is a keylogger and information stealer that has grown in popularity among cybercriminals over the last two years. The malware was initially sold on various hacker forums and marketplaces and its creators provided customers with the malware itself as well as a management panel to allow them to easily sort the data it collects.

Jim Walter, senior threat researcher at SentinelOne, discovered dedicated code used to collect app configuration data and user credentials after analyzing several new samples of the Agent Tesla malware. Walter provided further insight on the capabilities of these new modules in a blog post, saying:

“Currently, Agent Tesla continues to be utilized in various stages of attacks. Its capability to persistently manage and manipulate victims’ devices is still attractive to low-level criminals. Agent Tesla is now able to harvest configuration data and credentials from a number of common VPN clients, FTP and Email clients, and Web Browsers. The malware has the ability to extract credentials from the registry as well as related configuration or support files.” 

Agent Tesla variants

SentinelOne's analysis of the latest Agent Tesla variants has revealed that the malware can now steal user credentials from a number of popular applications including Google Chrome, Chromium, Safari, Mozilla Firefox, Microsoft Edge, Opera, Microsoft Outlook, Mozilla Thunderbird, OpenVPN and more.

Once the malware harvests the credentials and app configuration data from a targeted program, it delivers this information to its command-and-control (C2) server via FTP or SMTP, using credentials included in its internal configuration.

Walter also pointed out in his blog post that current variants of Agent Tesla will often “drop or retrieve secondary executables” which are then injected into known and vulnerable binaries on a targeted host.

While Agent Tesla has been around for years, the new modules that have been added to the malware make it even more effective at stealing user data.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
