
Agent Tesla Malware Steals WiFi Passwords From Infected Users

April 29, 2020 | May 5th, 2022 | Cybersecurity

A few new variants of the Agent Tesla info-stealer malware have been spotted in the wild and should be on your radar if they’re not already.

The new variants are more dangerous than previous versions of the malware. They now sport a module that enables them to scrape WiFi passwords from devices they infect.

That will enable them to lurk in the background and install additional malware later, even after the initial infection has been found and cleared. It also enables these new variants to compromise other systems that reside on, or connect to, the same compromised wireless network.

The authors of the new variants took pains to heavily obfuscate the code to make it more difficult to detect. The new capabilities revolve around the addition of a combination of the “netsh” command, coupled with a “wlan show profile” argument that lists all available WiFi profiles in a convenient format.

To actually get at the passwords, the netsh command is run again for each profile with a “key=clear” argument, which shows the password for that profile in plain text so it can be extracted.
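A defender-side sketch of how the command lines described above can be spotted in process-creation telemetry. This is an added example, not code from the article or from Malwarebytes; the event fields, the sample records and the severity rules are constructed assumptions.

```python
import re

NETSH = {"netsh", "netsh.exe"}
# Assumption: parents launched from these user-writable paths are treated as higher risk.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# Constructed process-creation records (parent image + command line), not from a real host.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "cmd": r"C:\Windows\System32\cmd.exe /c dir"},
    {"parent": r"C:\Users\bob\AppData\Roaming\invoice.exe", "cmd": "netsh wlan show profile"},
    {"parent": r"C:\Users\bob\AppData\Roaming\invoice.exe",
     "cmd": 'NETSH.EXE  WLAN  Show  Profile name="HomeNet" KEY=clear'},
    {"parent": r"C:\Windows\System32\cmd.exe", "cmd": "netsh wlan show interfaces"},
    {"parent": r"C:\Windows\System32\cmd.exe", "cmd": "netsh advfirewall show allprofiles"},
    {"parent": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c netsh wlan show profiles"},
]


def classify(cmdline):
    """Return 'key_dump', 'profile_enum' or None for one command line."""
    # Normalise case, quoting and repeated whitespace before matching.
    tokens = cmdline.lower().replace('"', "").split()
    # Locate netsh even when it is wrapped, e.g. 'cmd.exe /c netsh ...'.
    idx = next((i for i, t in enumerate(tokens)
                if re.split(r"[\\/]", t)[-1] in NETSH), None)
    if idx is None:
        return None
    args = tokens[idx + 1:]
    if len(args) < 3 or args[:2] != ["wlan", "show"] or not args[2].startswith("profile"):
        return None
    # key=clear is what turns a profile listing into plain-text password output.
    return "key_dump" if "key=clear" in args else "profile_enum"


def triage(events):
    """Return (severity, verdict, parent) for every WiFi profile query found."""
    findings = []
    for ev in events:
        verdict = classify(ev["cmd"])
        if verdict is None:
            continue
        odd_parent = any(m in ev["parent"].lower() for m in USER_WRITABLE)
        severity = "high" if verdict == "key_dump" or odd_parent else "medium"
        findings.append((severity, verdict, ev["parent"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

The same matching logic carries over to an EDR or SIEM query on process command lines; legitimate help-desk use of these commands does occur, so the parent process is what separates routine administration from a stealer.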

A report compiled by Malwarebytes had this to say about the newly discovered code:

“In addition to wifi profiles, the executable collects extensive information about the system including FTP clients, browsers, file downloaders, machine info (username, computer name, OS name, CPU architecture, RAM) and adds them into a list. We believe this may be used as a mechanism to spread, or perhaps to set the stage for future attacks.”

Agent Tesla isn’t the only malware to have been upgraded in recent months. Emotet, which went for more than two years without a significant upgrade, has recently been spotted in the wild sporting new WiFi-stealing capabilities. It seems to point to a newly emerging trend in the hacking world.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.