The Hacker News
reports that the OriginLogger malware has emerged as the successor of the popular Agent Tesla remote access trojan
after its shutdown in March 2019.
OriginLogger, initially tagged as Agent Tesla version 3, was discovered by Palo Alto Networks' Unit 42 to be uploaded to VirusTotal on May 17, 2022, after finding a YouTube video dated November 2018 that explained its features.
Threat actors could use OriginLogger's builder binary executable to personalize data types to be captured and the sources from which data could be exfiltrated, according to Unit 42. Both OriginLogger and Agent Tesla have been distributed through a malicious Microsoft Word document, which shows a German citizen's passport image and credit card, as well as several Excel worksheets.
"The malware uses tried and true methods and includes the ability to keylog, steal credentials, take screenshots, download additional payloads, upload your data in a myriad of ways and attempt to avoid detection," said Unit 42 researcher Jeff White.