
Agent Tesla malware receives module for stealing Wi-Fi passwords


Agent Tesla, an information-gathering malware, has received an upgrade and is now capable of stealing Wi-Fi passwords from infected machines, according to a new report.

Cybersecurity researchers from Malwarebytes announced earlier this week that Agent Tesla now has a new module that steals Wi-Fi passwords by creating a new “netsh” process and passing “wlan show profile” as an argument.

“Available Wi-Fi names are then extracted by applying a regex: “All User Profile * :  (?<profile>.*)”, on the stdout output of the process,” the researchers explain.
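For defenders, the behaviour described above leaves a visible trace: a netsh process whose command line contains "wlan show profile". The following Python code is an added example, not from Malwarebytes or the original article, that flags such process-creation events when the parent is not a shell an administrator would normally type into. It assumes events arrive as dictionaries with Sysmon-style `Image`, `CommandLine` and `ParentImage` fields; the parent allowlist and the sample events are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Matches "wlan show profile" or "wlan show profiles", tolerant of case and spacing.
WLAN_PROFILE_ARGS = re.compile(r"\bwlan\s+show\s+profiles?\b", re.IGNORECASE)

# Assumption: parents from which an administrator plausibly runs netsh by hand.
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "windowsterminal.exe"}


def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def is_suspicious(event):
    """True when netsh enumerates Wi-Fi profiles from an unexpected parent."""
    if basename(event.get("Image", "")) != "netsh.exe":
        return False
    if not WLAN_PROFILE_ARGS.search(event.get("CommandLine", "")):
        return False
    return basename(event.get("ParentImage", "")) not in EXPECTED_PARENTS


def triage(events):
    """Return only the events worth an analyst's attention."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample events (not taken from any real incident).
NETSH = r"C:\Windows\System32\netsh.exe"
DROPPED = r"C:\Users\alice\AppData\Local\Temp\invoice.exe"
SAMPLE_EVENTS = [
    {"Image": NETSH, "CommandLine": "netsh wlan show profile",
     "ParentImage": DROPPED},
    {"Image": NETSH, "CommandLine": "netsh  WLAN show profiles",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": NETSH, "CommandLine": "netsh interface show interface",
     "ParentImage": DROPPED},
    {"Image": r"C:\Windows\System32\ipconfig.exe", "CommandLine": "ipconfig /all",
     "ParentImage": DROPPED},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"ALERT: {hit['ParentImage']} -> {hit['CommandLine']}")
```

The parent allowlist trades coverage for noise: it suppresses hands-on administration, but it also hides a case where the enumeration is launched through a shell, so tune it to how netsh is actually used in your environment.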

Besides Wi-Fi profiles, the malware can also collect data about the target system, including FTP clients, browsers, file downloaders, and machine information (computer and OS name, CPU architecture, RAM).

“We believe the threat actors may be considering using Wi-Fi as a mechanism for spread, similar to what was observed with Emotet,” said Malwarebytes. “Another possibility is using the Wi-Fi profile to set the stage for future attacks.”

Agent Tesla is a Remote Access Trojan (RAT) malware, available for purchase on the black market. It comes with a keylogger that allows the attacker to gather usernames and passwords from the target device. According to Bleeping Computer, it’s popular among criminals targeting businesses.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.