Agent Tesla
Also known as: AgentTesla
Agent Tesla is a long-established .NET-based infostealer and remote access tool that logs keystrokes, captures screenshots, and steals credentials from browsers, email, and FTP clients. It is one of the most frequently observed malware families in phishing campaigns.
What is Agent Tesla?
Agent Tesla is a commodity infostealer and keylogger that has been active for years. It captures keystrokes, clipboard contents, and screenshots, and extracts stored credentials from a wide range of browsers, email clients, VPN, and FTP applications.
Distribution
Agent Tesla is overwhelmingly delivered through phishing emails with malicious attachments, often themed around invoices, shipping, or business correspondence. Exfiltration commonly occurs over SMTP, FTP, or Telegram.
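The exfiltration channels above suggest a simple endpoint hunt: workstation processes that talk SMTP, FTP, or the Telegram Bot API but are not the mail, FTP, or Telegram client you expect. The Python code below is an added example, not part of the original entry or any vendor's detection logic; the event field names, the allowlist, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Exfiltration channels named in the entry: SMTP, FTP, Telegram.
SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21}
TELEGRAM_API_HOST = "api.telegram.org"  # Telegram Bot API endpoint

# Assumed allowlist: processes expected to use each channel on a workstation.
EXPECTED = {
    "smtp": {"outlook.exe", "thunderbird.exe"},
    "ftp": {"filezilla.exe", "winscp.exe"},
    "telegram": {"telegram.exe"},
}

def classify_channel(event):
    """Return 'smtp', 'ftp', 'telegram' or None for one connection event."""
    host = (event.get("dest_host") or "").lower().rstrip(".")
    port = event.get("dest_port")
    if host == TELEGRAM_API_HOST:
        return "telegram"
    if port in SMTP_PORTS:
        return "smtp"
    if port in FTP_PORTS:
        return "ftp"
    return None

def find_suspect_connections(events):
    """Flag connections on an exfil channel made by an unexpected process."""
    findings = []
    for event in events:
        channel = classify_channel(event)
        if channel is None:
            continue
        process = ntpath.basename(event["image"]).lower()  # Windows path, any OS
        if process not in EXPECTED[channel]:
            findings.append((event["host"], process, channel, event["dest_host"]))
    return findings

# Constructed sample events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE", "dest_host": "smtp.example.com", "dest_port": 587},
    {"host": "WS-02", "image": r"C:\Users\alice\AppData\Local\Temp\invoice_0423.exe", "dest_host": "smtp.example.net", "dest_port": 587},
    {"host": "WS-03", "image": r"C:\Users\bob\AppData\Roaming\shipment.exe", "dest_host": "api.telegram.org", "dest_port": 443},
    {"host": "WS-04", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "dest_host": "www.example.org", "dest_port": 443},
    {"host": "WS-05", "image": r"C:\Users\carol\Documents\po_scan.exe", "dest_host": "ftp.example.org", "dest_port": 21},
]

if __name__ == "__main__":
    for finding in find_suspect_connections(SAMPLE_EVENTS):
        print(finding)
```

Matching on process name alone is a simplification made for this example; a production rule would also compare the full image path and code-signing publisher.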
VantaPrism complements endpoint defences by surfacing credentials exposed through commodity stealers like Agent Tesla when they reach distribution channels.
Frequently Asked Questions
Is Agent Tesla a keylogger or a stealer?
Related Terms
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A keylogger is malware or hardware that records a user's keystrokes to capture passwords, messages, and other sensiti…
Phishing is a social-engineering attack that deceives victims into revealing credentials or running malware, usually…
Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…