Snake Keylogger has been spotted again in a new malspam campaign that uses phishing emails aimed at managers at corporate IT enterprises. The campaign was spotted on 30 August.

How the campaign works

According to Bitdefender, the IP addresses used in the attack are located in Vietnam, and the phishing emails primarily targeted thousands of inboxes in the U.S.
  • Attackers impersonated the corporate profile of one of Qatar’s IT and cloud services providers to trick recipients into opening a ZIP archive attached to the emails. 
  • The archive contains an executable, reported as CPMPANY PROFILE[.]exe, which drops the keylogger payload on the host; the stolen data is then exfiltrated over SMTP.

About Snake Keylogger

Snake Keylogger (aka 404 Keylogger) is an info-stealer that harvests sensitive information from compromised systems, including clipboard contents, and can also take screenshots and log keystrokes.
  • The stealer was first spotted in late 2020 and is sold on underground marketplaces for a couple of hundred dollars or less, depending on the level of service the customer demands.
  • Infections are financially motivated, with victims facing identity theft and fraud.

Earlier, in May, Snake Keylogger operators were observed using Office documents (Word/Excel) and PDFs as lures in their social engineering attacks. 

What to do?

To stay protected from keylogger attacks, always verify the sender’s email address before interacting with links or attachments, and treat archives that contain executables as suspicious. Protect accounts with 2FA so that stolen credentials alone do not let attackers log in. Further, install a reliable security solution and keep all applications patched.
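Since the lure in this campaign is a ZIP archive whose real content is an executable, a mail-gateway or triage check for that shape is a practical counterpart to the advice above. The following is an added example written for this page, not code from Bitdefender or Cyware. It inspects a constructed ZIP modelled on the campaign (the .exe name is taken from the article; the other member names and the executable-extension list are invented assumptions) and flags members both by extension and by PE header, so an executable renamed to look like a document is still caught.

```python
import io
import os
import struct
import zipfile

# Extensions Windows runs directly on double-click. Assumed list for this example, not from the article.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".wsf", ".ps1", ".msi", ".hta"}


def is_pe_executable(head: bytes) -> bool:
    """Content check: a DOS 'MZ' stub whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_zip_attachment(zip_bytes: bytes, max_head: int = 4096) -> list:
    """Return one finding per archive member that looks like a Windows executable.
    Only the first max_head bytes of each member are decompressed, so an oversized
    entry cannot force the scanner to inflate the whole archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            with zf.open(info) as member:
                head = member.read(max_head)
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if is_pe_executable(head):
                reasons.append("PE header (MZ/PE signature) regardless of extension")
            if reasons:
                findings.append({"member": name, "size": info.file_size, "reasons": reasons})
    return findings


def build_fake_pe() -> bytes:
    """Constructed stand-in for a PE file: only the headers a scanner keys on, not runnable code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature directly after the DOS header
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


def build_sample_attachment() -> bytes:
    """Constructed ZIP modelled on the lure in the article: a 'company profile' archive
    carrying an executable. Only the .exe name comes from the article; the rest is invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("CPMPANY PROFILE.exe", build_fake_pe())          # the dropper named in the campaign
        zf.writestr("Company Profile.pdf", b"%PDF-1.4\n%benign\n")   # decoy document, harmless bytes
        zf.writestr("readme.txt", build_fake_pe())                   # executable hiding behind a .txt name
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_attachment()):
        print(f"{finding['member']!r}: " + "; ".join(finding["reasons"]))
```

Checking the PE signature in addition to the extension is the important design choice: the `.exe` member is caught either way, but `readme.txt` is caught only because its bytes are inspected. In a real gateway the same logic would run over every archive attachment, with nested archives recursed to a bounded depth.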
Cyware Publisher