Agent Tesla, a piece of information-gathering malware, has received an upgrade and is now capable of stealing Wi-Fi passwords from infected machines, according to a new report.
Cybersecurity researchers from Malwarebytes announced earlier this week that Agent Tesla now has a new module that steals Wi-Fi passwords by creating a new “netsh” process and passing “wlan show profile” as an argument.
“Available Wi-Fi names are then extracted by applying a regex: ‘All User Profile * : (?<profile>.*)’, on the stdout output of the process,” the researchers explain.
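Because the module works by spawning netsh with these arguments, defenders can hunt for it in process-creation telemetry. The sketch below is an added example, not taken from the Malwarebytes report: it flags netsh.exe started with “wlan show profile” arguments and escalates when the parent is not an interactive shell. The event field names, the sample events and the list of expected parents are assumptions constructed for illustration.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": r"C:\Users\kim\AppData\Roaming\invoice.exe",
     "image": r"C:\Windows\System32\netsh.exe", "cmdline": "netsh  wlan show profile"},
    {"host": "WS-014", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\netsh.exe", "cmdline": "netsh WLAN Show Profiles"},
    {"host": "WS-020", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\netsh.exe", "cmdline": "netsh advfirewall show allprofiles"},
    {"host": "WS-031", "parent": r"C:\Program Files\Vendor\updater.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad wlan show profile.txt"},
]

# Assumption: parents from which an administrator might plausibly type the command.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Matches the argument string named in the report, tolerating case, spacing and the plural.
WLAN_PROFILE_ARGS = re.compile(r"\bwlan\s+show\s+profiles?\b", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def classify(event):
    """Return None, 'review' or 'alert' for one process-creation event."""
    if basename(event["image"]) != "netsh.exe":
        return None  # the arguments only matter when netsh is the process
    if not WLAN_PROFILE_ARGS.search(event["cmdline"]):
        return None  # other netsh contexts (firewall, interface) are out of scope
    if basename(event["parent"]) in INTERACTIVE_PARENTS:
        return "review"  # plausibly an admin at a prompt; keep for context
    return "alert"  # netsh wlan enumeration spawned by some other program

def triage(events):
    """List (host, parent name, verdict) for every event that matched."""
    return [(e["host"], basename(e["parent"]), v) for e in events if (v := classify(e))]

if __name__ == "__main__":
    for host, parent, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:6} {host} netsh wlan show profile spawned by {parent}")
```
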
Besides Wi-Fi profiles, the malware can also collect data about the target system, including FTP clients, browsers, file downloaders, and machine information (computer and OS name, CPU architecture, RAM).
“We believe the threat actors may be considering using Wi-Fi as a mechanism for spread, similar to what was observed with Emotet,” said Malwarebytes. “Another possibility is using the Wi-Fi profile to set the stage for future attacks.”
Agent Tesla is a Remote Access Trojan (RAT) malware, available for purchase on the black market. It comes with a keylogger that allows the attacker to gather usernames and passwords from the target device. According to Bleeping Computer, it’s popular among criminals targeting businesses.