- Snake Keylogger seen in more than 280 million blocked infection attempts
- Malware uses advanced obfuscation techniques
- There are ways to defend endpoints
Fortinet cybersecurity researchers have warned about a dangerous new threat called Snake Keylogger.
This information-stealing malware has been observed in more than 280 million infection attempts blocked by Fortinet's solutions alone, which means the threat is widespread and the threat actors are casting a fairly wide net.
In its in-depth report, Fortinet says that Snake Keylogger is most frequent in China, Turkey, Indonesia, Taiwan and Spain, but added that its widespread presence makes it a global threat.
Advanced Evasion Techniques
The malware spreads mainly through phishing emails with malicious attachments and links, and is used to steal confidential information from browsers such as Chrome, Edge or Firefox. In addition, Snake Keylogger can log keystrokes, capture credentials and monitor clipboard activity. Finally, it uses SMTP (email) and Telegram bots to exfiltrate the information it steals.
What makes this malware particularly dangerous is its use of AutoIt for evasion, Fortinet explains. By hiding the malicious code inside compiled AutoIt scripts, threat actors make static analysis difficult and help the executables get past traditional antivirus detection.
However, there are ways to mitigate the risks. Fortinet says that users should be careful with incoming email messages and should avoid opening unsolicited attachments or clicking on unexpected links. In addition, users must ensure that their antivirus software is up to date and should also keep their other software patched.
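The exfiltration channels named above (SMTP and Telegram bots) can also be watched for in endpoint network telemetry. The following is an added example, not taken from Fortinet's report: it flags processes that are not known mail or Telegram clients when they connect to SMTP ports or to api.telegram.org. The log format, host names, file paths and allowlists are constructed assumptions.

```python
import csv
import io
import ntpath

# Assumed allowlists; tune to the software actually deployed in your environment.
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
TELEGRAM_HOSTS = {"api.telegram.org"}
TELEGRAM_CLIENTS = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

# Constructed sample telemetry: time, host, process image, destination, port.
SAMPLE_LOG = r"""
2025-01-10T09:14:02Z,ws-014,C:\Program Files\Google\Chrome\Application\chrome.exe,api.telegram.org,443
2025-01-10T09:14:40Z,ws-014,C:\Users\ana\AppData\Roaming\invoice_viewer.exe,api.telegram.org,443
2025-01-10T09:15:11Z,ws-022,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,mail.example.com,587
2025-01-10T09:16:57Z,ws-022,C:\Users\li\AppData\Local\Temp\update.exe,mail.example.net,587
2025-01-10T09:17:30Z,ws-031,C:\Windows\System32\svchost.exe,time.example.org,123
"""


def find_suspect_egress(log_text):
    """Return (host, image, channel, severity) for unexpected SMTP/Telegram egress."""
    findings = []
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 5 or not row[4].isdigit():
            continue  # skip malformed lines rather than crash on them
        _, host, image, dest, port = row
        proc = ntpath.basename(image).lower()
        if dest.lower() in TELEGRAM_HOSTS and proc not in TELEGRAM_CLIENTS:
            channel = "telegram-bot-api"
        elif int(port) in SMTP_PORTS and proc not in MAIL_CLIENTS:
            channel = "smtp"
        else:
            continue
        # A binary running from a user-writable path is a stronger signal.
        in_user_dir = any(p in image.lower() for p in USER_WRITABLE)
        findings.append((host, image, channel, "high" if in_user_dir else "medium"))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_egress(SAMPLE_LOG):
        print(finding)
```

Hits are triage leads rather than verdicts: legitimate scripts and monitoring tools also send mail or call the Telegram Bot API, so each one needs the process and its parent reviewed.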
Finally, the cybersecurity community should continue working to improve user awareness of topics such as phishing, social engineering and identity theft.
Keyloggers and infostealers are dangerous pieces of malware, since they hand attackers the keys to the kingdom, which can then be used in ransomware, extortion and other attacks. In this particular case, Fortinet did not say who built the keylogger, or whether its operators target a specific industry.
Via Infosecurity Magazine