Also known as: AgenTesla, AgentTesla, Negasteal
Platforms affected: Windows
Variants: Agent Tesla v2 and Agent Tesla v3
Agent Tesla is a remote access trojan (RAT) that has been in the wild since 2014. It targets Windows devices and steals sensitive information by logging users’ keystrokes. Over the years, its developers have continuously updated and enhanced it, making it a persistent threat. Agent Tesla is a very capable trojan, able not only to steal credentials but also to download and install additional malware.
Agent Tesla is highly customizable, so the symptoms may vary from case to case, but here are some things you can look out for:
- Reduced computer performance.
- Unusual network activity.
- Unrecognized processes in the Task Manager.
- Unauthorized changes to system settings.
- Suspicious activity or new login attempts on your online accounts.
Sources of the infection
Agent Tesla ends up on your device in much the same way as most other malware. Here are the most common ways your computer can get infected:
- Falling for a phishing campaign and downloading and opening malicious email attachments.
- Visiting a malicious or compromised website, where Agent Tesla installs itself through a drive-by download.
- Downloading a software bundle and installing everything without checking what’s in it first.
Common sense and vigilance are the best protection from most malware, but security software can also help. Try NordVPN’s Threat Protection: it will block your access to malicious websites, stop malicious ads from loading, and scan the files you download, deleting them if malware is found.
Here are some more things you can do to keep Agent Tesla away:
- Regularly update all your software and the operating system.
- Don’t open suspicious emails from unknown senders, especially if they have attachments.
- Don’t download software from third-party app stores and pirate websites.
- Use a firewall to monitor the network traffic on your device.
Agent Tesla removal
If you have all your files backed up, you can easily remove Agent Tesla by performing a full system wipe. But if you don’t feel like resetting your computer, here are some things you can do:
- Disconnect from the internet.
- Boot Windows into safe mode to minimize the RAT’s functionality.
- Use an updated antivirus to scan your device and remove the threat.
- Check the Task Manager — there shouldn’t be any unfamiliar or suspicious activity if your antivirus removed the malware correctly.
After removal, your online accounts might still be compromised, so it’s crucial to change all your passwords.