The Hacker News reports that the OriginLogger malware has emerged as the successor of the popular Agent Tesla remote access trojan after its shutdown in March 2019.
OriginLogger, initially tagged as Agent Tesla version 3, was discovered by Palo Alto Networks' Unit 42 to be uploaded to VirusTotal on May 17, 2022, after finding a YouTube video dated November 2018 that explained its features.
Threat actors could use OriginLogger's builder binary executable to personalize data types to be captured and the sources from which data could be exfiltrated, according to Unit 42. Both OriginLogger and Agent Tesla have been distributed through a malicious Microsoft Word document, which shows a German citizen's passport image and credit card, as well as several Excel worksheets.
"The malware uses tried and true methods and includes the ability to keylog, steal credentials, take screenshots, download additional payloads, upload your data in a myriad of ways and attempt to avoid detection," said Unit 42 researcher Jeff White.
Officials, journalists, and activists across Armenia were reported by Access Now, Citizen Lab, Amnesty International, CyberHUB-AM, and independent researcher Ruben Muradyan to have been targeted in at least 12 instances with the NSO Group's Pegasus spyware, Reuters reports.
Intellexa's commercial Predator spyware, which has been used in surveillance operations targeted at European politicians, Meta executives, and journalists, has been deploying its Alien loader to the 'zygote64' Android process to enable more spyware components, according to BleepingComputer.