Skip to main content
Published Jun 18, 2019 | Updated Mar 18, 2024

PWS:Win32/AgentTesla

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

PWS:Win32/AgentTesla is a trojan designed to steal sensitive information. It possesses numerous features allowing it to collect data through various methods. Specifically, it targets Windows credentials and sensitive information from various applications such as browsers, email clients, FTP, VPN, etc.

To mitigate the issue, follow these steps:

  • Apply security updates promptly, especially for the specified vulnerabilities, on all applications and operating systems. Consult the Microsoft Security Update Guide for comprehensive information on available Microsoft Security updates.
  • Follow the principle of least privilege and maintain credential hygiene. Avoid using domain-wide, admin-level service accounts. Restrict local administrative privileges to mitigate the potential installation of remote access trojans (RATs) and other undesirable applications.
  • Network segmentation is useful in constraining the propagation of malware infections. The process involves partitioning a network into smaller segments, effectively confining an infection to a single segment rather than permitting its unrestricted spread across the entire network.
  • Promote the use of Microsoft Edge and other web browsers that support SmartScreen, a feature identifying and blocking malicious websites, including phishing sites, scam sites, and those hosting exploits or malware.
  • Block the launch of downloaded executable content by disabling JavaScript or VBScript.
Follow us