A new and dangerous keylogger is on the loose - here's how to stay safe

News
By
published

Learn more about the dangerous Snake Keylogger

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)
  • Snake Keylogger seen in more than 280 million blocked infection attempts
  • The malware uses advanced obfuscation mechanics
  • There are ways to defend the endpoints

Cybersecurity researchers from Fortinet have warned about a new, dangerous threat called Snake Keylogger.

This information-stealing piece of malware has been observed in more than 280 million infection attempts blocked just by Fortinet’s solutions, meaning the threat is widespread, and the threat actors are casting quite a wide net.

In its in-depth report, Fortinet says that Snake Keylogger is most prevalent in China, Turkey, Indonesia, Taiwan, and Spain, but added that its widespread presence highlights it as a global threat.

Advanced evasion techniques

The malware is primarily being spread through phishing emails with malicious attachments and links, and is used to steal sensitive information from browsers such as Chrome, Edge, or Firefox. Furthermore, Snake Keylogger can log keystrokes, capture credentials, and monitor for clipboard activity. Finally, it uses SMTP (email) and Telegram bots to exfiltrate whatever information it steals.

What makes this malware particularly dangerous is its use of AutoIT for evasion, Fortinet further explains. By hiding malicious code within compiled AutoIT scripts, the threat actors are making static analysis difficult, and ensure that the executables make it past traditional antivirus detection solutions.

There are ways to mitigate risks, though. Fortinet says that users should be careful with incoming email messages, and should avoid opening unsolicited email attachments, or clicking on unexpected links. Furthermore, users should make sure their antivirus software is up-to-date, and should keep their other software patched up, as well.

Finally, the cybersecurity community should continue working on improving user awareness on topics such as phishing, social engineering, and identity theft.

Keyloggers and infostealers are dangerous pieces of malware since they grant attackers keys to the kingdom, which can later be used in ransomware attacks, extortion, and more. In this particular case, Fortinet did not say who built the keylogger, or if they usually target a specific industry.

Via Infosecurity Magazine

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

These fake macOS updates are actually just looking to spread malware
Ransomware

Lee Enterprises blames cyberattack for encrypting critical systems as US newspaper outages drag on
Bookie

Max just canceled a comedy show with 90% on Rotten Tomatoes from a huge name – and fans of Bookie are not happy
See more latest