Snake Keylogger credential stealer slithers back on the radar of ANZ businesses
Snake Keylogger – a .NET keylogger and credential stealer whose main function is to record users' keystrokes on computers or mobile devices and transmit the data to threat actors – has re-emerged on the threat landscape with a brand-new malspam campaign targeting IT decision-makers.
Bitdefender Antispam Labs first detected the new campaign on August 23, targeting primarily US recipients, but given that Snake is known to leverage Microsoft Office documents, which are widely used in Australia and New Zealand, the region's IT and security teams should be cautious.
Our telemetry shows the trojan – which originated from IP addresses in Vietnam – has already reached thousands of inboxes. Threat actors have been observed leveraging the corporate portfolio of a legitimate Qatari-based cloud storage and security solutions provider to trick potential victims into opening a malicious ZIP archive.
Snake Keylogger (also referred to as 404 Keylogger) operates as an info stealer exfiltrating sensitive information from infected systems. It has keyboard logging and screenshot capabilities coupled with the ability to extract data straight from systems' clipboards.
The infamous trojan was born in late 2020 and has been spotted on message boards and underground marketplaces for just a few hundred dollars or less, depending on the level of service the client requires. Snake infections are typically financially motivated, with individuals potentially facing identity theft and fraud, among other crimes.
Further, the credential-stealing malware also poses a high security risk for businesses due to its data-harvesting and spy tool capabilities that could allow threat actors to gain access to high-level accounts and deploy even more crippling attacks.
Microsoft Word and Excel files, as well as PDFs, have been common lures for Snake, making for highly effective social engineering tactics. Cybercriminals running Snake campaigns can expose victims to major security and privacy threats, including having their data held for ransom and their financial data exfiltrated.
Avoiding a Snake bite
There are some key tools for organisations and people in ANZ to protect themselves from Snake and other keylogger attacks.
Always verify the origin and validity of correspondence before clicking links or opening or downloading attachments. Accounts should be protected with two-factor (2FA) or multi-factor (MFA) authentication.
These steps should prevent threat actors from logging into accounts in the event that systems become compromised.
Bitdefender has already taken steps to protect business and consumer customers from Snake. The malspam campaign is detected by our antispam technology, and any attachments are automatically detected and blocked.