Agent Tesla Malware Now Has Wi-Fi Capabilities, and Hackers Are Stealing Wi-Fi Credentials with It

Cybersecurity researchers have confirmed that some hackers are now using an upgraded version of Agent Tesla to steal Wi-Fi passwords from infected computers.
Security researchers have been working hard to make it very
difficult for malware to infiltrate computers, but hackers keep upgrading
their tools to be more sophisticated and to evade detection. With the
Wi-Fi module added to Agent Tesla, an information-stealing Trojan, attackers
gain saved wireless credentials that they can use to spread malware or to
set up future attacks.
The new module was discovered by the Malwarebytes team, which recently analysed
new, heavily obfuscated samples of Agent Tesla.
After being delivered by a phishing email and
infecting the target computer, Agent Tesla collects system data
and sends it back to the attacker. The retrieved data include system information
such as the amount of RAM, the CPU architecture and the username, as well as
credentials saved by browsers, file downloaders and FTP clients. The new samples
collect Wi-Fi credentials as well.
Researchers also found that the malware enumerates the wireless
network profiles saved on the infected machine with a netsh command (netsh wlan show profile).
For each SSID (network name) it finds, it then runs a second netsh command with the
profile name and the key=clear argument (netsh wlan show profile name="<SSID>" key=clear), which
makes netsh print the stored password for that network in plaintext.
The new samples are heavily obfuscated and were crafted by the malware's author to retrieve wireless profile credentials from infected computers, as Malwarebytes researchers found out.
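Because each netsh invocation is a separate process carrying its full command line, the enumerate-then-dump sequence described above is visible in ordinary process-creation telemetry. The script below is an added example written for this page, not code from the article or from Malwarebytes. It assumes process-creation events (Sysmon Event ID 1 or Windows Security 4688) have been exported as JSON lines with the field names ts, host, pid, ppid, parent_image and cmdline (these names are an assumption; map Sysmon's CommandLine, ParentImage and ParentProcessId accordingly), and the sample log embedded in it is constructed for illustration.

```python
"""Flag Agent Tesla-style Wi-Fi profile harvesting in process-creation logs.

Added example, not from the article or the Malwarebytes report. Assumes
process-creation events exported as JSON lines with the fields ts, host,
pid, ppid, parent_image and cmdline (assumed names); SAMPLE_LOG is constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "netsh wlan show profile" / "profiles", optionally followed by arguments.
NETSH_WLAN_RE = re.compile(
    r"\bnetsh(?:\.exe)?\s+wlan\s+show\s+profiles?\b(?P<rest>.*)", re.IGNORECASE)
# name="Office WiFi" or name=HomeNet
NAME_RE = re.compile(
    r'\bname\s*=\s*(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))', re.IGNORECASE)
# key=clear is the argument that makes netsh print the stored PSK in plaintext.
KEY_CLEAR_RE = re.compile(r"\bkey\s*=\s*clear\b", re.IGNORECASE)

# Enumeration followed by dumps from the same parent within this window.
CHAIN_WINDOW = timedelta(seconds=120)

# Constructed sample: one Agent Tesla-style chain from a dropped executable
# (ppid 4120), one lone key=clear from PowerShell, and two benign netsh calls.
SAMPLE_LOG = r"""
{"ts": "2020-04-20T09:12:01", "host": "WS-17", "pid": 3020, "ppid": 1104, "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "netsh wlan show interfaces"}
{"ts": "2020-04-20T09:15:10", "host": "WS-17", "pid": 4188, "ppid": 4120, "parent_image": "C:\\Users\\victim\\AppData\\Roaming\\Invoice_0420.exe", "cmdline": "netsh wlan show profile"}
{"ts": "2020-04-20T09:15:11", "host": "WS-17", "pid": 4192, "ppid": 4120, "parent_image": "C:\\Users\\victim\\AppData\\Roaming\\Invoice_0420.exe", "cmdline": "netsh wlan show profile name=\"Office WiFi\" key=clear"}
{"ts": "2020-04-20T09:15:12", "host": "WS-17", "pid": 4196, "ppid": 4120, "parent_image": "C:\\Users\\victim\\AppData\\Roaming\\Invoice_0420.exe", "cmdline": "netsh wlan show profile name=HomeNet key=clear"}
{"ts": "2020-04-20T10:40:33", "host": "WS-17", "pid": 5010, "ppid": 900, "parent_image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "netsh wlan show profile name=\"Guest\" key=clear"}
{"ts": "2020-04-20T11:02:05", "host": "WS-17", "pid": 5222, "ppid": 2210, "parent_image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "netsh advfirewall show allprofiles"}
"""


def load_events(text):
    """Parse JSON-lines process-creation events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def parse_netsh_wlan(cmdline):
    """Classify a command line. Returns None unless it is a 'netsh wlan show
    profile' command; otherwise kind is 'enumerate' (no profile name),
    'show' (named profile without key=clear) or 'dump' (key=clear present)."""
    m = NETSH_WLAN_RE.search(cmdline)
    if not m:
        return None
    rest = m.group("rest")
    name = NAME_RE.search(rest)
    ssid = (name.group("quoted") or name.group("bare")) if name else None
    key_clear = bool(KEY_CLEAR_RE.search(rest))
    kind = "dump" if key_clear else ("show" if ssid else "enumerate")
    return {"kind": kind, "ssid": ssid, "key_clear": key_clear}


def detect(events):
    """Return findings: every key=clear dump (high severity), plus an
    enumerate-then-dump chain from one parent process (critical), which is
    the sequence the Agent Tesla Wi-Fi module produces."""
    findings = []
    by_parent = defaultdict(list)  # (host, ppid) -> [(ts, parsed, event)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        parsed = parse_netsh_wlan(ev.get("cmdline", ""))
        if parsed is None:
            continue
        if parsed["kind"] == "dump":
            findings.append({"rule": "wifi_psk_dump", "severity": "high",
                             "host": ev["host"], "pid": ev["pid"],
                             "parent_image": ev.get("parent_image"),
                             "ssid": parsed["ssid"], "cmdline": ev["cmdline"]})
        by_parent[(ev["host"], ev["ppid"])].append(
            (datetime.fromisoformat(ev["ts"]), parsed, ev))

    for (host, ppid), items in by_parent.items():
        enum_times = [t for t, p, _ in items if p["kind"] == "enumerate"]
        if not enum_times:
            continue
        start = enum_times[0]
        ssids = [p["ssid"] for t, p, _ in items
                 if p["kind"] == "dump" and start <= t <= start + CHAIN_WINDOW]
        if ssids:
            findings.append({"rule": "wifi_harvest_chain", "severity": "critical",
                             "host": host, "ppid": ppid,
                             "parent_image": items[0][2].get("parent_image"),
                             "ssids": ssids})
    return findings


if __name__ == "__main__":
    for finding in detect(load_events(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample this yields three wifi_psk_dump findings and one wifi_harvest_chain finding for the executable in AppData\Roaming that listed the profiles and then dumped Office WiFi and HomeNet within two seconds. A single key=clear from PowerShell or cmd is kept at lower severity because administrators do run it by hand; the parent image is carried in every finding so the rule can be tuned on that field.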
Once Agent Tesla has collected these details, the attacker has a
ready avenue for attacking the computer, and the networks it uses, in the future.
"We believe this may be used as a mechanism to spread
malware or perhaps to set the stage for future attacks," Malwarebytes
pointed out.
Security experts have suggested how users can avoid this
type of attack. They warn users to be very cautious about opening suspicious
emails, clicking links or attachments in them, or replying to them.
According to the experts, such emails usually carry an attachment that, once opened, installs the malware, which then runs in the background without the user's knowledge. Agent Tesla has been delivered inside ZIP and IMG attachments as well.
Apart from Agent Tesla, another malware family has recently been
upgraded to spread over Wi-Fi.
Earlier this year, the Emotet Trojan was spotted with a
standalone Wi-Fi spreader tool. This lets the Trojan reach systems
connected to nearby networks with weak passwords.
Binary Defense researchers stated that the standalone
spreader had been used against vulnerable systems for about two years
without any significant upgrade or changes.
But the Emotet developers have now upgraded the malware with a
full Wi-Fi worm module and are using it in the wild,
infecting targeted computers that connect to insecure networks.
With this move to Wi-Fi capable malware, the
Emotet creators are building an extremely dangerous and highly
sophisticated worm module. Researchers warn that it
is likely to be seen in action frequently, as it is already actively used in the
wild.
Security researchers say Agent Tesla has been around for about six years as a .NET-based information
stealer. It comes with remote access Trojan (RAT) and keylogging features.
With the increased use of computers at home due to the
current pandemic, hackers are taking advantage of the situation to expand their operational
methods. Between March and April, Agent Tesla was sent through spam campaigns
in a wide range of formats, such as Office documents and IMG, MSI, CAB and ZIP
files.
It is currently one of the malware families most commonly used by
business email compromise (BEC) scammers, who rely on it to take screenshots and
record keystrokes on infected systems.

Author: wpadmin