Microsoft Office Vulnerability Is Gateway For Agent Tesla Trojan Horse


Agent Tesla is an infamous Trojan Horse malware that functions as a keylogger and data thief. First detected in 2014, this sophisticated keylogger is capable of screen capturing, screen logging, clipboard logging, and extracting stored login credentials and financial information from web browsers on infected machines.

According to, researchers have recently uncovered ongoing attacks by Agent Tesla targeting Windows systems in order to illicitly obtain valuable data. The malware, written in .NET, was initially sold openly on the clear web in 2014, even though its purpose was plainly to steal sensitive information from its victims. Due to legal complications arising from its widespread distribution, Agent Tesla was eventually forced to cease its operations in March 2019.

Agent Tesla Takes Advantage of 2017 Microsoft Office Vulnerability

Now SC Magazine has revealed that Agent Tesla is back, infecting vulnerable versions of Microsoft Office. The publication states that the malware takes advantage of a 2017 vulnerability known as CVE-2017-11882, which is present in the Equation Editor component of Microsoft Office. The vulnerability is caused by a flaw in how the software handles objects in memory.

The Agent Tesla infection begins when threat actors send spam emails carrying malicious attachments, intended to entice users running vulnerable versions of Microsoft Excel to open the message and then download and open the attachment.

“It is disheartening for security professionals to see that the threat actor exploits a vulnerability from 2017,” said Tim Royston-Webb, CEO, SentryBay. “This emphasizes the unfortunate reality that numerous organizations not only neglect to update their software but also operate on outdated versions that are no longer supported. Consequently, these organizations become vulnerable targets for breaches.”

Agent Tesla still poses a significant risk

According to Hacker News, despite its age, CVE-2017-11882 continues to pose a significant risk because it allows code to execute with the privileges of the logged-on user. The phishing campaigns deliver deceptive Excel files in invoice-themed emails, making this a highly dangerous threat.
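From a defender's side, the pattern described above (a malicious Excel attachment abusing the Equation Editor to run code as the user) leaves a distinctive trace in process-creation telemetry. The following is an added example, not code from the article or from SentryBay; it assumes that the Equation Editor runs as EQNEDT32.EXE, that it is launched as an out-of-process COM server (so its parent is normally svchost.exe, not Excel), and that a legitimate equation object never makes it start another program. The event schema and all sample events are constructed.

```python
# Triage process-creation telemetry for the exploitation pattern behind
# CVE-2017-11882. Assumed, not taken from the article: the Office Equation
# Editor runs as EQNEDT32.EXE and is started as an out-of-process COM server,
# so its own parent is usually svchost.exe rather than the Office application.
# A legitimate equation never makes it launch another program, so EQNEDT32.EXE
# appearing as a *parent* is the reliable signal. The event schema is constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional

EQUATION_EDITOR = "eqnedt32.exe"
# Children commonly used to fetch or run a second stage; highest confidence.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "mshta.exe",
                       "rundll32.exe", "regsvr32.exe", "certutil.exe"}

@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str

def _basename(path: str) -> str:
    """Lower-cased file name from a Windows- or POSIX-style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event: ProcessEvent) -> Optional[str]:
    """Severity for one event, or None when the Equation Editor is not the parent."""
    if _basename(event.parent_image) != EQUATION_EDITOR:
        return None
    return "high" if _basename(event.image) in SUSPICIOUS_CHILDREN else "medium"

def triage(events: List[ProcessEvent]) -> Dict[str, List[str]]:
    """Group flagged events per host as 'severity: command line' strings."""
    findings: Dict[str, List[str]] = {}
    for event in events:
        severity = classify(event)
        if severity is not None:
            findings.setdefault(event.host, []).append(
                f"{severity}: {event.command_line}")
    return findings

# Constructed sample telemetry, not real logs; paths are illustrative.
EQN = r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"
SAMPLE_EVENTS = [
    ProcessEvent("ws01", r"C:\Windows\explorer.exe", r"C:\Office\EXCEL.EXE",
                 r'"EXCEL.EXE" C:\Users\a\Downloads\Invoice_0423.xls'),
    ProcessEvent("ws01", r"C:\Windows\System32\svchost.exe", EQN,
                 r'"EQNEDT32.EXE" -Embedding'),  # also seen for benign equations
    ProcessEvent("ws01", EQN, r"C:\Windows\System32\cmd.exe",
                 'cmd.exe /c "<placeholder second-stage command>"'),
]
```

Running `triage(SAMPLE_EVENTS)` flags only the third event: the Equation Editor being launched at all is too noisy to alert on, while it spawning a shell is not.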

The resurgence of Agent Tesla highlights the fact that older vulnerabilities can still be exploited when they are not addressed through patches. Despite being discovered several years ago, CVE-2017-11882 remains a persistent threat, suggesting that numerous systems have not been updated or are still running outdated software versions.

As long as software companies continue to discontinue support for their products faster than organizations can keep up with upgrades, the internet will remain divided between those who prioritize security and those who do not. Security professionals must thoroughly understand the potential consequences of falling prey to remote access trojan malware like Agent Tesla: it allows cybercriminals to gain covert control over victims' computers, leading to espionage, data theft and unauthorized access to sensitive systems.

Countering the Agent Tesla Threat with SentryBay

“The Agent Tesla malware highlights a critical cybersecurity threat to Windows systems and Microsoft Office with the 2017 vulnerability and is known for its effectiveness in harvesting sensitive data, including credentials, keystrokes, clipboard data, and screenshots. This level of intrusion poses a significant risk to both personal and organizational security,” commented Brent Agar, Director of Business Development, SentryBay North America. “In this context, the role of SentryBay’s DataSAFE solution becomes crucial. DataSAFE is specifically designed to counter such advanced cyber threats. It provides robust protection against the exact types of data breaches caused by Agent Tesla. By securing endpoints against unauthorized access and data exfiltration, DataSAFE effectively prevents the harvesting of credentials, intercepts malicious keystrokes, safeguards clipboard data, and blocks unauthorized screenshots. This comprehensive protection is akin to a digital shield, guarding against the multifaceted threats posed by sophisticated malware like Agent Tesla.”

In conclusion, the battle against complex and invasive malware like Agent Tesla underscores the necessity for advanced cybersecurity solutions like SentryBay’s DataSAFE. This patented solution is a testament to the importance of innovative and proactive measures in the realm of digital security, ensuring that personal and organizational data remain safeguarded against such sophisticated threats.
