Agent Tesla – a highly effective and user-friendly password-stealing program, built on the Microsoft .NET Framework, that has been infecting computers since 2014 – has recently gained popularity, with more than 6,300 customers paying a monthly fee for its licensed version. Its feature set is designed to let it remain undetected on the hosts it infects. At present Agent Tesla runs only on Windows (all versions), not on Linux, macOS or other operating systems.

In short, Agent Tesla can be described as a highly effective ‘keystroke logger’. Keystroke loggers are surveillance software that record details – instant messages, emails, captured data such as usernames, passwords and other personally identifiable information typed on the keyboard, and even the email addresses and URLs accessed on the system – in an encrypted log file. That log file is later sent to a specified receiver. Keystroke loggers can be very useful to employers for the surveillance of employees.

Automation is a significant feature of Agent Tesla: threat actors (the parties behind an attack) can configure the keylogger to capture keystrokes, desktop screenshots and webcam images at timed intervals. Different Agent Tesla variants have been distributed by exploiting security vulnerabilities. Agent Tesla is delivered to a victim’s computer through phishing, that is, emails carrying an infected attachment; it can also autorun from a USB stick.

There are two main parts in Agent Tesla: the ‘Interface’ and the ‘Dashboard’.

‘Interface’ – Allows the threat actor to customise Agent Tesla, if needed, before sending it to a potential target. The visibility of an Agent Tesla installation, and how a target will interact with it, are controlled through the interface. Agent Tesla relies on the target to enable it through risky actions that trick the target into granting access (for example, a fake ‘Update Adobe Flash Player’ message: when the target clicks ‘OK’, Agent Tesla is installed automatically).

‘Dashboard’ – The command centre through which threat actors control Agent Tesla and monitor connected systems.

Access to Agent Tesla is sold as a monthly licence, paid in bitcoin, through the website agenttesla.com. But like any keystroke logger, Agent Tesla has a harmful side: it can be embedded as spyware to steal sensitive data and transfer it to unknown parties. Agent Tesla’s website states that it is not malware and insists that it be used only to monitor computing systems the user has legitimate access to. Yet the site’s 24/7 support channel shows many support cases in which support staff instruct users in matters such as evading antivirus detection, using software vulnerabilities for deployment, and secretly bundling the program inside other file types such as images, text, audio and MS Office documents.
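The bundling described above, where a Windows executable is hidden inside a file that claims to be an image or document, can be caught on the defender's side by checking a file's content against its claimed type rather than trusting the extension. The following is an added example written for this article, not code from the page or from any vendor: it checks a file's leading magic bytes against its extension and scans for an embedded PE image (an ‘MZ’ header whose e_lfanew field points at a ‘PE\0\0’ signature). The sample files at the bottom are constructed inline so the script runs offline; the file names, the magic-byte table and the heuristic thresholds are assumptions of this example.

```python
import struct

# Expected leading bytes for a few common extensions (assumed table for this example).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF",
    "docx": b"PK\x03\x04",  # OOXML documents are zip containers
    "exe": b"MZ",
    "dll": b"MZ",
}

EXECUTABLE_EXTENSIONS = {"exe", "dll"}


def extension_of(name):
    """Lower-cased extension of a file name, or '' if it has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extension_matches_content(name, data):
    """True/False if the extension is in MAGIC and its bytes do/don't match; None if unknown."""
    sig = MAGIC.get(extension_of(name))
    if sig is None:
        return None
    return data.startswith(sig)


def find_embedded_pe(data):
    """Return every offset at which a plausible PE image starts.

    A PE image begins with the DOS header 'MZ'; the 32-bit little-endian field at
    offset 0x3C (e_lfanew) gives the distance to the 'PE\\0\\0' signature. Requiring
    that chain rules out random 'MZ' byte pairs inside genuine image data.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            # e_lfanew must lie past the DOS header and within a sane distance.
            if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def assess(name, data):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    if extension_matches_content(name, data) is False:
        findings.append("extension/content mismatch")
    pe_offsets = find_embedded_pe(data)
    if pe_offsets and extension_of(name) not in EXECUTABLE_EXTENSIONS:
        findings.append("embedded PE image at offset(s) %s" % pe_offsets)
    return findings


# --- Constructed samples (not real malware): a minimal DOS+PE header skeleton ---
PE_STUB = (
    b"MZ" + b"\x00" * (0x3C - 2)          # DOS header up to e_lfanew
    + struct.pack("<I", 0x40)             # e_lfanew: PE signature at offset 0x40
    + b"PE\x00\x00"                       # PE signature
)
FAKE_JPG = PE_STUB                                   # executable renamed to .jpg
POLYGLOT_PNG = MAGIC["png"] + b"\x00" * 8 + PE_STUB  # PNG header with PE appended
CLEAN_PNG = MAGIC["png"] + b"\x00" * 32              # plausible image, no PE

if __name__ == "__main__":
    for name, blob in (("photo.jpg", FAKE_JPG),
                       ("invoice.png", POLYGLOT_PNG),
                       ("logo.png", CLEAN_PNG),
                       ("setup.exe", PE_STUB)):
        print(name, "->", assess(name, blob) or "clean")
```

In practice the same check belongs at the mail gateway or endpoint, applied to attachments before a user can open them; the magic-byte table should be extended to the file types your organisation actually exchanges, and an e_lfanew bound of 0x1000 is a heuristic that may need loosening for unusual but legitimate binaries.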

In any case, thanks to its user-friendliness and advanced features such as automation and a simple interface, Agent Tesla’s usage has expanded enormously in recent years.