A new and dangerous keylogger is on the loose – here’s how to stay safe
- Snake Keylogger seen in more than 280 million blocked infection attempts
- The malware uses advanced obfuscation mechanics
- There are ways to defend the endpoints
Cybersecurity researchers from Fortinet have warned about a new, dangerous threat called Snake Keylogger.
This information-stealing piece of malware has been observed in more than 280 million infection attempts blocked just by Fortinet’s solutions, meaning the threat is widespread, and the threat actors are casting quite a wide net.
In its in-depth report, Fortinet says that Snake Keylogger is most prevalent in China, Turkey, Indonesia, Taiwan, and Spain, but added that its widespread presence highlights it as a global threat.
Advanced evasion techniques
The malware is primarily being spread through phishing emails with malicious attachments and links, and is used to steal sensitive information from browsers such as Chrome, Edge, or Firefox. Furthermore, Snake Keylogger can log keystrokes, capture credentials, and monitor for clipboard activity. Finally, it uses SMTP (email) and Telegram bots to exfiltrate whatever information it steals.
What makes this malware particularly dangerous is its use of AutoIT for evasion, Fortinet further explains. By hiding malicious code within compiled AutoIT scripts, the threat actors are making static analysis difficult, and ensure that the executables make it past traditional antivirus detection solutions.
There are ways to mitigate risks, though. Fortinet says that users should be careful with incoming email messages, and should avoid opening unsolicited email attachments, or clicking on unexpected links. Furthermore, users should make sure their antivirus software is up-to-date, and should keep their other software patched up, as well.
Finally, the cybersecurity community should continue working on improving user awareness on topics such as phishing, social engineering, and identity theft.
Keyloggers and infostealers are dangerous pieces of malware since they grant attackers keys to the kingdom, which can later be used in ransomware attacks, extortion, and more. In this particular case, Fortinet did not say who built the keylogger, or if they usually target a specific industry.
You might also like
Snake Keylogger seen in more than 280 million blocked infection attempts The malware uses advanced obfuscation mechanics There are ways to defend the endpoints Cybersecurity researchers from Fortinet have warned about a new, dangerous threat called Snake Keylogger. This information-stealing piece of malware has been observed in more than 280…
