The RAT is learning...
What comes around, goes around as the saying goes, and I'd like to share with you the latest information regarding Agent Tesla the Windows Remote Access Tool that once again is causing security concerns. It is being distributed via a malicious email attachment sent as a zip file:
The latest variant uses various techniques to evade endpoint detection. To safely check files antimalware will often use a sandbox to analyse files without damaging the underlying system. It uses multistage installers to pull down the components making it tricky to detect. We are likely to see these steps adopted and re-hashed in other malware. They are looking at how antimalware detects threats and finding ways to bypass them.
What this threat highlights is that phishing remains the go-to resource for distributing malware, it's cheap and extremely effective so you need to ensure you have the correct tools in place.
User training cannot be underestimated and running regular phishing simulations will help people to detect and avoid getting caught out.
Don't be over-reliant on antimalware software, nothing is 100% effective so wherever you can, try and use multiple layers of security.
Always treat email attachments with caution, remember hackers love to compromise email accounts and then send malware to all the contacts etc.