A new and dangerous keylogger is on the loose - here's how to stay safe

A white padlock on a dark digital background.

(Image credit: Shutterstock.com)

Snake Keylogger seen in more than 280 million blocked infection attempts
The malware uses advanced obfuscation mechanics
There are ways to defend the endpoints

Cybersecurity researchers from Fortinet have warned about a new, dangerous threat called Snake Keylogger.

This information-stealing piece of malware has been observed in more than 280 million infection attempts blocked just by Fortinet’s solutions, meaning the threat is widespread, and the threat actors are casting quite a wide net.

In its in-depth report, Fortinet says that Snake Keylogger is most prevalent in China, Turkey, Indonesia, Taiwan, and Spain, but added that its widespread presence highlights it as a global threat.

Advanced evasion techniques

The malware is primarily being spread through phishing emails with malicious attachments and links, and is used to steal sensitive information from browsers such as Chrome, Edge, or Firefox. Furthermore, Snake Keylogger can log keystrokes, capture credentials, and monitor for clipboard activity. Finally, it uses SMTP (email) and Telegram bots to exfiltrate whatever information it steals.

What makes this malware particularly dangerous is its use of AutoIT for evasion, Fortinet further explains. By hiding malicious code within compiled AutoIT scripts, the threat actors are making static analysis difficult, and ensure that the executables make it past traditional antivirus detection solutions.

There are ways to mitigate risks, though. Fortinet says that users should be careful with incoming email messages, and should avoid opening unsolicited email attachments, or clicking on unexpected links. Furthermore, users should make sure their antivirus software is up-to-date, and should keep their other software patched up, as well.

Finally, the cybersecurity community should continue working on improving user awareness on topics such as phishing, social engineering, and identity theft.

Keyloggers and infostealers are dangerous pieces of malware since they grant attackers keys to the kingdom, which can later be used in ransomware attacks, extortion, and more. In this particular case, Fortinet did not say who built the keylogger, or if they usually target a specific industry.

Via Infosecurity Magazine

This new keylogger uses Microsoft PowerShell scripts to quietly steal sensitive information — here’s how to protect your data
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.