OriginLogger is a potent info stealer that can be deployed on breached devices to collect sensitive and confidential data. The threat could be viewed as a potential successor to the infamous Agent Tesla malware. Agent Tesla shut down its operations back in 2019 due to serious legal issues. According to a report by the researchers at Palo Alto Networks Unit 42, what was initially thought to be version 3 of Agent Tesla is actually a new malware strain, OriginLogger. Still, it should be mentioned that there is strong evidence that the development of OriginLogger simply picked up and continued from what was left of Agent Tesla.
The capabilities of OriginLogger can be customized based on the specific requirements of the clients, since the threat is offered for sale to interested parties. The malware can be instructed to capture data from the infected system's clipboard, take arbitrary screenshots, run keylogging routines, and steal data and credentials from popular applications and services, such as browsers and email clients. The obtained data can be exfiltrated in several different ways, including SMTP, FTP, uploads to the OriginLogger panel, and even Telegram accounts. It should be noted that, although the feature is not often used, OriginLogger has the capability to deploy additional files to the infected systems, a characteristic often found in RAT (Remote Access Trojan) threats.