Agent Tesla malware variants are now using new techniques to try and eradicate endpoint antivirus security.
On Tuesday, Sophos researchers said that two new variants of the Remote Access Trojan (RAT) are targeting Microsoft Anti-Malware Software Interface (AMSI), scanning and analysis software designed to prevent malware infections from taking hold.
Agent Tesla operators will now attempt to tamper with AMSI to degrade its defenses and remove endpoint protection at the point of execution. If successful, this allows the malware to deploy its full payload.
Read more…
Source: ZDNet