Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger has slithered its way back into the threat landscape this week in a new malspam campaign that appears to be targeting IT decision makers within organizations.


The email campaign delivering the notorious Snake Keylogger was observed by Bitdefender Antispam Labs on Aug. 23, and seems to primarily target recipients in the US. The attack, originating from IP addresses in Vietnam, has already reached thousands of inboxes, according to Bitdefender telemetry.


In this attack, threat actors leverage the corporate portfolio of a legitimate Qatar-based IT provider of cloud storage and security solutions to trick potential victims into opening a malicious ZIP archive.


Snake Malware Phishing Email

The archive (ba8e072f51e1b944bfa3466da15cefa3) contains an executable, CPMPANY PROFILE.exe (9df140013f2b8627f7ea911d9767acdc), which loads the Snake Keylogger payload onto the victim's host system. Captured data is exfiltrated via SMTP.
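A defender-side triage routine for this lure, written as an added example (not Bitdefender's code): it opens a ZIP attachment without executing anything, flags members that carry an executable extension or a PE `MZ` header while using a document-like name, and matches MD5 digests against the two indicators quoted in the article. The sample archive built by `build_sample_zip()` is constructed here for the demonstration and is not the real malware.

```python
import hashlib
import io
import zipfile

# Indicators quoted in the article: MD5 of the ZIP lure and of the inner executable.
KNOWN_MD5 = {
    "ba8e072f51e1b944bfa3466da15cefa3": "Snake Keylogger ZIP lure",
    "9df140013f2b8627f7ea911d9767acdc": "Snake Keylogger dropper (CPMPANY PROFILE.exe)",
}
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")
# Words attackers use to make an executable look like a business document.
DOCUMENT_WORDS = ("profile", "portfolio", "company", "invoice", "quotation")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def triage_zip_attachment(blob: bytes) -> dict:
    """Inspect a ZIP attachment in memory and report suspicious members; nothing is executed."""
    archive_md5 = md5_hex(blob)
    report = {"archive_md5": archive_md5, "archive_known": KNOWN_MD5.get(archive_md5), "members": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            basename = info.filename.rsplit("/", 1)[-1].lower()
            flags = []
            if basename.endswith(EXECUTABLE_EXT):
                flags.append("executable extension")
                if any(word in basename for word in DOCUMENT_WORDS):
                    flags.append("document-like name on executable")
            if data[:2] == b"MZ":  # DOS/PE header regardless of the claimed extension
                flags.append("PE header (MZ)")
            member_md5 = md5_hex(data)
            report["members"].append({
                "name": info.filename,
                "md5": member_md5,
                "known": KNOWN_MD5.get(member_md5),
                "flags": flags,
                "suspicious": bool(flags) or member_md5 in KNOWN_MD5,
            })
    return report


def build_sample_zip() -> bytes:
    """Constructed sample: a fake PE named like the article's lure plus a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("CPMPANY PROFILE.exe", b"MZ" + b"\x00" * 62 + b"constructed sample, not real malware")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()
```

In a mail-gateway hook the same function would run on each decoded attachment, with a non-empty `flags` list or a `known` hit used to quarantine the message.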


Snake Keylogger (also known as 404 Keylogger) is an info-stealer that exfiltrates sensitive information from infected systems and has keyboard logging and screenshot capabilities, as well as the ability to extract information from systems’ clipboards. The infamous credential-stealing trojan appeared in late 2020 and can be found on message boards and underground marketplaces for just a couple of hundred dollars or less, depending on the level of service the customer requires.


Snake infections are mostly financially motivated, with individuals potentially facing identity theft and fraud, among other crimes. The credential-stealing malware also poses a high security risk for enterprises due to its data-harvesting and spy tool capabilities that could allow threat actors to gain access to high-level accounts and deploy more crippling attacks within an organization.


Previously, Snake attacks have been known to leverage Microsoft Office documents (Word and Excel) and PDFs, which make ..
