Agent Tesla Malware Is After Your Data (And Your Cryptocurrency)

It doesn’t matter if you are a small locally-owned business or a larger-scale enterprise. Network security is equally important, as all businesses by default collect information that is valuable to hackers. It makes sense to protect your valuable assets, and your data is one of them. A recent threat called Agent Tesla is just another example of phishing malware designed to steal data from businesses just like yours.

Before discussing this particular phishing threat, let’s examine phishing attacks in a broader sense. What are they, and what do you need to know to protect yourself?

Explaining Phishing Attacks

Hackers will often find that forcing themselves through your defenses is simply not the best approach for their needs, instead resorting to what are called phishing attacks—calculated measures that are designed to trick or mislead users—to gain unauthorized access to data. Phishing attacks are most commonly initiated through downloading an infected file, clicking on a suspicious link in an email, or handing over credentials to someone claiming to be tech support or a higher-up within the organization.

Why It Matters

The biggest challenge that phishing attacks pose for businesses is that it doesn’t matter if you have done all that you can to secure your business; phishing attacks still might find their way into your organization. These types of attacks can often make it past even the best solutions, relying instead on the less reliable part of your infrastructure, your employees, for a way into your business. In this way, your security solutions are only as effective as your employees’ collective knowledge of network security.

Agent Tesla

As a threat, Agent Tesla has been around since 2014. This malware uses a keylogger to steal information from infected devices. The stolen data is then transmitted back to the hacker periodically throughout the day. The hacker might desire information like passwords, usernames, and other data that is typed into the system. This new variant of Agent Tesla is notable thanks to its ability to steal cryptocurrency from the user.

This is where that background information on phishing attacks comes into play; Agent Tesla spreads through infected Excel email attachments. An attack detailed by Fortinet utilized an Excel file titled “Order Requirements and Specs” in an attempt to spread the malware. It might seem like a legitimate file at first glance. When the user downloads the file and opens it, it will run a macro that downloads Agent Tesla to the device. This specific process, as it’s explained by Fortinet, involves installing PowerShell files for Agent Tesla, adding several items to the Auto-Run group in the system registry through the use of VBScript code, and finally creating a scheduled task that executes at a designated interval.
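For defenders, the three stages described above (Excel launching a script host, an Auto-Run registry entry, a new scheduled task) can be correlated per machine in process-creation logs. The sketch below is an added example, not code from Fortinet or from this article; the event field names (`host`, `parent`, `image`, `cmdline`) and the sample events are assumptions made for illustration.

```python
import re

# Script hosts the described chain relies on (PowerShell files, VBScript code).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)
TASK_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*?/create\b", re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the chain stages one process-creation event matches."""
    parent, image = basename(event["parent"]), basename(event["image"])
    cmd = event["cmdline"]
    stages = []
    if parent == "excel.exe" and image in SCRIPT_HOSTS:
        stages.append("office_spawns_script_host")
    if RUN_KEY.search(cmd):
        stages.append("autorun_registry_write")
    if TASK_CREATE.search(cmd):
        stages.append("scheduled_task_created")
    return stages

def hosts_with_full_chain(events):
    """Hosts on which all three stages were seen (order-independent)."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["host"], set()).update(classify(ev))
    return sorted(h for h, s in seen.items() if len(s) == 3)

# Constructed sample events; field names and values are assumptions,
# not data from the Fortinet report.
SAMPLE = [
    {"host": "WS-01", "parent": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Users\\Public\\example.ps1"},
    {"host": "WS-01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
                r" /v Example /d example.vbs"},
    {"host": "WS-01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks /create /tn Example /tr example.vbs /sc daily"},
    {"host": "WS-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks /create /tn Backup /tr backup.cmd /sc daily"},
]
```

A script can also write the Auto-Run entry directly without launching `reg.exe`, so command-line matching alone will miss some cases; registry-change events are needed to cover that stage reliably.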

One of the most concerning things about Agent Tesla is that it is quite accessible, being available for a relatively cheap price with opportunities for support from its developers. As such, the bar is set pretty low for budding hackers who want to try their hand at making other people’s lives miserable.

What Can You Do?

The last thing you want to do is find yourself in a position where you are forced to react to threats rather than prevent them entirely. Here is the key to keeping your organization secure from not just phishing threats, but all security threats:

  • Implement quality network security solutions to catch the majority of threats before they reach your network.
  • Train your employees to identify threats so that the ones that do get through your defenses do not cause more trouble than they need to.

Does your company need help with securing its infrastructure and staying safe from threats? White Mountain IT Services can help. To learn more, reach out to us at 603-889-0800.
