Password security has always been a challenge. Brute force attacks are constantly getting more powerful, but they aren’t the only threat you have to worry about. A range of password stealing malware continues to grow in popularity.
One example, Agent Tesla, has seen its detection rate grow 100% in just three months, according to data from LastLine. Despite this rapid growth, Agent Tesla is far from the most popular. That title goes to Pony, which represents 39% of the total password stealer detections, according to Blueliv’s 2018 report, The Credential Theft Ecosystem. LokiPWS and KeyBase trailed Pony at 28% and 16%, respectively.
These password stealers are each capable of stealing credentials and other information from a wide variety of programs. Each is unique with its own techniques for delivery and a range of features that hackers can use to mount attacks.
Despite the differences, each of these programs can have severe impacts on their victims. The negative impacts can range from having all of the money stolen from an individual’s accounts, to the theft of a company’s intellectual property. The key features of some of the most common password stealers are listed below:
Like most password stealers, Agent Tesla can access a wide variety of your information, ranging from your credentials to your keystrokes. It can even take screenshots and videos from your device’s camera. Agent Tesla targets a number of major programs, including web browsers, email clients, FTP applications and other commonly used software.
Once Agent Tesla has been installed on a target’s computer, it can also be used to download other malware. This feature allows threat actors to intensify their attacks and make them even more devastating.
Its pricing shows that the malware industry hasn’t been left behind in the X-as-a-service boom, because it is available as part of a plan that starts from $15 per month. This price includes all the 24/7 support someone might need to assist them in their criminal endeavors. Of course, payments are made in Bitcoin.
Despite running what must have been an incredibly profitable business, Agent Tesla’s creators have recently posted an update stating it will crack down on illegal use of the program. Under its terms of service, it declares that the software must only be used within the law, but features such as anti-antivirus throw these intentions into question.
Due to the recent media attention that Agent Tesla has received, the developers will strip some of its more questionable features, such as anti-antivirus and webcam capture. They also claim to be banning those who are using the program maliciously. Only time will tell whether the creators are sincere, or if this is merely an attempt to keep the authorities from knocking down their doors.
Pony is currently the most popular password stealer, but it’s certainly not new. In the past, it has been used to control a number of enormous botnets, which by 2013 had already stolen more than two million credential sets.
In 2014, it involved into a series of attacks that stole $200,000 worth of cryptocurrencies, as well as 700,000 sets of credentials. In recent years, Pony has seen prominence as a loader alongside other malware, such as CryptoWall and Angler. These programs, a type of ransomware and an exploit kit, respective