OriginLogger Picks Up Where Agent Tesla Left Off To Record Your Activities
OriginLogger is the name of a newly discovered malicious tool. A detailed report on the malware was recently published by a research team with the Unit 42 division of Palo Alto Networks.
OriginLogger has been advertised as the next evolution of the older Agent Tesla malware. Agent Tesla has been around for nearly a decade. Coded using .NET, Agent Tesla went through two previous evolutionary updates.
The newest incarnation and third major update is OriginLogger, a piece of malware that combines keylogger and infostealer functionality. The malware is sold as a customizable builder binary, letting the hackers who purchased it specify both the type of information they want scraped from targeted systems and the list of applications that OriginLogger will attempt to scrape for credentials.
OriginLogger is deployed on the victim system through process hollowing, injecting the final payload into the address space of a legitimate process so that it runs under that process's name.