Snake Keylogger tracks keystrokes
Snake Keylogger is back again with a brand new malspam campaign distributing through phishing mails sent to corporate firms' managers. Bitdefender Antispam Labs found the campaign on 23 August 2022.
A Keylogger is a kind of malicious software that keeps record of your keystrokes and forwards it to hackers.
Keyloggers can be deployed in your system without you knowing, generally through a malicious infected website or email attachment.
In few cases, the hackers may use a physical Keylogger on your computer that maybe like a malicious USB drive or customised phone charging cable.
Campaign Details
As per the Bitdefender experts, the IP addresses used in the attack came from Vietnam, while the campaigns main targets were in USA, and over 1000 inboxes have received the phishing emails.
Threat actors leverage the corporate profile of Qatar's one of the leading IT and cloud services providers to lure victims into clicking a ZIP archive. The archive includes an executable file named “CPMPANY PROFILE.exe.”
As per Bitdefender blogpost, the file installs the malicious Snake Keylogger payload on the victim system's host. The data is extracted through SMTP.
About Snake Keylogger
It is an infamous info and credential stealing malware that steals sensitive information from victim's device. It has keyboard logging and screenshot capturing capabilities. It is a major threat to organizations due to its surveillance and data stealing capabilities.
Besides this, it can steal info from system keyboards. It is also known as 404 Keylogger. The malware came out in 2020 and can be found at underground forums/message boards for hundred dollars. The malware is generally used in campaigns driven by financial aims, these include fraud based campaigns and identity thefts.
How to stay safe?
A Keylogger tracks every keystroke a user makes, allowing hackers to get your passwords, personal information, and financial data. However, you can follow some steps to stay safe.
According to Bitdefender:
Always verify the origin and validity of correspondence before interacting with links or attachments, and deploy security solutions. Ensure that accounts are protected via two-factor (2FA) or multi-factor (MFA) authentication processes that will prevent cybercriminals from logging into accounts should your system get compromised, and install a security solution on their devices.
