- Snake Keylogger seen in more than 280 million blocked infection attempts
- The malware uses advanced obfuscation
- There are ways to defend endpoints
Fortinet cybersecurity researchers have warned of a dangerous new threat called Snake Keylogger.
This information-stealing malware has been observed in more than 280 million infection attempts blocked by Fortinet's products alone, which shows both that the threat is widespread and that the actors behind it are casting a fairly wide net.
In its detailed report, Fortinet says Snake Keylogger is most prevalent in China, Turkey, Indonesia, Taiwan and Spain, but adds that its broad distribution marks it as a global threat.
Advanced evasion techniques
The malware is distributed mainly through phishing emails carrying malicious attachments and links, and is used to steal sensitive data from browsers such as Chrome, Edge and Firefox. Snake Keylogger can also log keystrokes, capture credentials and monitor clipboard activity. It exfiltrates the stolen information over SMTP (email) and Telegram bots.
What makes this malware particularly dangerous, Fortinet explains, is its use of AutoIt for evasion. By hiding the malicious code inside compiled AutoIt scripts, the threat actors make static analysis difficult and help the executables slip past traditional antivirus detection. For defenders, the flip side is that a compiled AutoIt executable bundles the script with the interpreter, so the original script can usually be recovered with a decompiler and examined directly, and the compiled-script marker inside the binary is itself a useful triage signal.
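The two traits described above, a compiled AutoIt payload and exfiltration over Telegram bots or SMTP, are also the two cheapest things to hunt for. The following is an added triage example written for this page; it is not code from Fortinet's report or from the malware. It checks a file for the "AU3!EA06" signature that marks the compiled-script blob inside AutoIt v3 executables, and scans egress log lines for Telegram Bot API uploads and for SMTP connections from processes that are not mail clients. The log line format, the process allowlist, the file name `invoice_2024.exe` and the sample data are all constructed assumptions. Matching the AutoIt marker only proves "compiled AutoIt", which many legitimate tools are, so treat it as a reason to look closer, not as a verdict.

```python
import re
from dataclasses import dataclass

# Signature of the compiled-script blob embedded in AutoIt v3 executables.
# It proves "compiled AutoIt", not "malicious": many legitimate tools carry it.
AUTOIT_SCRIPT_MAGIC = b"AU3!EA06"


def has_compiled_autoit_script(data: bytes) -> bool:
    """Return True if the file bytes contain an embedded compiled AutoIt script."""
    return AUTOIT_SCRIPT_MAGIC in data


# Telegram Bot API requests look like https://api.telegram.org/bot<token>/<method>.
# The token shape <bot id>:<secret> is assumed from the usual format; the
# pattern deliberately tolerates any secret of 20 or more characters.
TELEGRAM_BOT_RE = re.compile(
    r"api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)
# Upload-capable methods an exfiltration bot would call.
TELEGRAM_UPLOAD_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

SMTP_PORTS = {25, 465, 587}
# Processes expected to speak SMTP from a workstation (hypothetical allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class Finding:
    host: str
    process: str
    reason: str


def scan_egress_log(lines):
    """Flag Telegram bot uploads and SMTP connections from non-mail processes.

    Each line is assumed to be: <timestamp> <host> <process> <destination>,
    where destination is a URL (proxy entry) or ip:port (raw connection).
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the whole scan
        _ts, host, process, dest = parts

        m = TELEGRAM_BOT_RE.search(dest)
        if m and m.group("method") in TELEGRAM_UPLOAD_METHODS:
            # Report the bot id only; never copy the bot secret into a finding.
            findings.append(Finding(host, process,
                                    f"telegram bot {m.group('bot_id')} {m.group('method')}"))
            continue

        if ":" in dest and not dest.startswith("http"):
            port = dest.rsplit(":", 1)[1]
            if port.isdigit() and int(port) in SMTP_PORTS and process.lower() not in MAIL_CLIENTS:
                findings.append(Finding(host, process, f"smtp to {dest} from non-mail process"))
    return findings


# Constructed sample data (not real telemetry); "invoice_2024.exe" is a made-up name.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z WS-017 outlook.exe 203.0.113.10:587",
    "2024-01-01T10:00:05Z WS-017 invoice_2024.exe 198.51.100.7:587",
    "2024-01-01T10:00:07Z WS-017 invoice_2024.exe "
    "https://api.telegram.org/bot123456789:AAF1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q/sendDocument",
    "2024-01-01T10:01:00Z WS-042 chrome.exe https://example.com/index.html",
]
SAMPLE_BINARY = b"MZ\x90\x00" + b"\x00" * 32 + AUTOIT_SCRIPT_MAGIC + b"\x00" * 16
SAMPLE_CLEAN = b"MZ\x90\x00" + b"\x00" * 64

if __name__ == "__main__":
    print("compiled AutoIt marker:", has_compiled_autoit_script(SAMPLE_BINARY))
    for finding in scan_egress_log(SAMPLE_LOG):
        print(finding)
```

On the constructed sample the scan reports two findings, both for `invoice_2024.exe` on WS-017: an SMTP connection from a non-mail process, followed by a `sendDocument` call to a Telegram bot. The mail client's own SMTP traffic and the browser's ordinary HTTPS request are left alone. In a real deployment the allowlist and port set would come from the environment's baseline, and any hit on the Telegram pattern is worth pulling the full request for, since the bot token in the URL identifies the operator's channel.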
There are, however, ways to mitigate the risk. Fortinet says users should be careful with incoming email, avoid opening unsolicited attachments or clicking unexpected links, and keep their antivirus and other installed software up to date.
Finally, the cybersecurity community should keep working to improve user awareness of phishing, social engineering and identity theft.
Keyloggers and infostealers are dangerous because they hand attackers the keys to the kingdom, which can later be used for ransomware attacks, extortion and more. In this case, Fortinet did not say who built the keylogger or whether it targets a specific industry.
Via Infosecurity magazine