Info Stealer

Agent Tesla

First seen: 2014 • Status: active

Currently Active Threat

Agent Tesla pretends to be parental monitoring software but is really used by criminals to spy on everything you type and steal passwords.

Overview

Agent Tesla is a .NET-based information stealer and keylogger sold as legitimate monitoring software. It remains one of the most prevalent malware families.

Also Known As

AgentTesla, AgenTesla

How It Spreads

  • Phishing emails
  • Malicious Office documents
  • Archive attachments

What It Does

  • Keylogging
  • Screenshot capture
  • Credential harvesting
  • Clipboard monitoring
  • Webcam capture

Target Platforms

Windows

Detection Tips

  • Monitor for Agent Tesla C2 traffic
  • Check .NET process behavior
  • Analyze SMTP/FTP exfiltration
  • Review keylogger indicators

MITRE ATT&CK Techniques

T1056, T1555, T1113, T1115, T1125

If You're Infected

  1. Remove Agent Tesla
  2. Reset all passwords
  3. Check for data exfiltration
  4. Review sent emails for compromise
