Cyber security experts have unearthed a sophisticated piece of information-stealing malware that is being spread through malicious emails.

Once it gains access to the target computer, the malware can capture information, such as passwords, as the victim types it.

Though not new, the malware, called Agent Tesla, remains a challenge.

Cyber security solutions firm Sophos said that the seven-year-old Agent Tesla steals information from web browsers, email clients, virtual private network (VPN) clients, and other software that stores usernames and passwords.

“It can capture keystrokes while users are typing and record screenshots, so it can see what is on their screen,” a new Sophos report said.

The more recent version of the info-stealer can use the Telegram messaging service to communicate with its operators. It also tries to alter software code to block security protection.

“Agent Tesla malware has been active for more than seven years. Yet it remains one of the most common threats to Windows users,” Sean Gallagher, senior security researcher at Sophos, said.

“The most widespread delivery method for Agent Tesla is malicious spam attachments. The email accounts used to spread Agent Tesla are often legitimate accounts that have been compromised,” he said.

Sophos has advised users to treat email attachments from unknown senders with caution, to secure their devices well, and to screen, detect and block suspicious emails and their attachments.

“You should never open attachments or click on links in emails from unknown senders,” it said.