Blog | G5 Cyber Security

Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques

Security researchers have uncovered new delivery and evasion techniques adopted by the Agent Tesla remote access trojan. The Windows spyware now targets Microsoft's Antimalware Scan Interface (AMSI) and uses Tor and the Telegram messaging API to communicate with a command-and-control server. Sophos researchers say the changes are yet another sign of Agent Tesla's constant evolution, which is designed to make sandbox and static analysis more difficult. The most widespread delivery method for Agent Tesla is malicious spam, the researchers said, and organizations should treat email attachments from unknown senders with caution.

Source: https://thehackernews.com/2021/02/agent-tesla-malware-spotted-using-new.html
