
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Alina BÎZGĂ

August 30, 2022


Snake Keylogger has slithered its way back into the threat landscape this week in a new malspam campaign that appears to be targeting IT decision makers within organizations.

The email campaign delivering the notorious Snake Keylogger was observed by Bitdefender Antispam Labs on Aug. 23, and seems to primarily target recipients in the US. The attack, originating from IP addresses in Vietnam, has already reached thousands of inboxes, according to Bitdefender telemetry.

In this attack, threat actors leverage the corporate portfolio of a legitimate Qatari-based IT provider of cloud storage and security solutions to trick potential victims into opening a malicious ZIP archive.

[Figure: Snake malware phishing email]

The archive (MD5: ba8e072f51e1b944bfa3466da15cefa3) contains an executable, CPMPANY PROFILE.exe (MD5: 9df140013f2b8627f7ea911d9767acdc), which loads the Snake Keylogger payload onto the victim's host. Captured data is exfiltrated via SMTP.
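As an added defender-side example (not Bitdefender's own tooling), the check below triages an e-mail ZIP attachment the way this campaign would be caught at a mail gateway: it matches the archive and its members against the two MD5 indicators quoted above and flags any executable hidden inside a "company profile" archive. The function names, the extension list and the constructed sample archive are my assumptions.

```python
import hashlib
import io
import zipfile

# MD5 indicators quoted in the post above (archive and embedded executable).
SNAKE_IOCS = {
    "ba8e072f51e1b944bfa3466da15cefa3": "malicious ZIP archive",
    "9df140013f2b8627f7ea911d9767acdc": "CPMPANY PROFILE.exe (Snake Keylogger loader)",
}
# Extensions that have no business arriving as a "company profile" (assumed list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def triage_zip_attachment(zip_bytes: bytes) -> dict:
    """Hypothetical gateway check: IoC hash match plus executable-inside-ZIP detection."""
    findings = []
    archive_md5 = hashlib.md5(zip_bytes).hexdigest()
    if archive_md5 in SNAKE_IOCS:
        findings.append(f"archive MD5 matches IoC: {SNAKE_IOCS[archive_md5]}")
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                name, data = info.filename, zf.read(info)
                member_md5 = hashlib.md5(data).hexdigest()
                if member_md5 in SNAKE_IOCS:
                    findings.append(f"{name}: MD5 matches IoC ({SNAKE_IOCS[member_md5]})")
                if name.lower().endswith(EXECUTABLE_EXTS):
                    findings.append(f"{name}: executable inside attachment")
                elif data[:2] == b"MZ":
                    # PE header under a harmless-looking name (e.g. .pdf)
                    findings.append(f"{name}: PE file disguised with non-executable name")
    except zipfile.BadZipFile:
        findings.append("attachment is not a valid ZIP archive")
    return {"archive_md5": archive_md5, "findings": findings,
            "verdict": "block" if findings else "allow"}


def build_sample_zip(members: dict) -> bytes:
    """Constructed sample attachment for offline testing; contains no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Mimics the campaign's layout: a "company profile" that is really a PE file.
    print(triage_zip_attachment(build_sample_zip({"COMPANY PROFILE.exe": b"MZ" + b"\0" * 64})))
```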

Snake Keylogger (also known as 404 Keylogger) is an info-stealer that exfiltrates sensitive information from infected systems and has keyboard logging and screenshot capabilities, as well as the ability to extract information from systems’ clipboards. The infamous credential-stealing trojan appeared in late 2020 and can be found on message boards and underground marketplaces for just a couple of hundred dollars or less, depending on the level of service the customer requires.

Snake infections are mostly financially motivated, with individuals potentially facing identity theft and fraud, among other crimes. The credential-stealing malware also poses a high security risk for enterprises due to its data-harvesting and spy tool capabilities that could allow threat actors to gain access to high-level accounts and deploy more crippling attacks within an organization.

Previously, Snake attacks have been known to leverage Microsoft Office documents (Word and Excel) and PDFs, which makes them highly efficient social engineering tactics.

Cybercriminals running the campaign could make victims susceptible to major security and privacy threats, including holding data for ransom and exfiltrating financial data.

To help protect yourself and your organization against keylogger attacks, always verify the origin and validity of correspondence before interacting with links or attachments, and install a security solution on your devices. Ensure that accounts are protected with two-factor (2FA) or multi-factor (MFA) authentication, which will prevent cybercriminals from logging into those accounts should your system get compromised.

Bitdefender customers are protected from Snake malware. This malspam campaign is detected by Bitdefender antispam technology, and the attachment is detected as Trojan.GenericKD.61435093 and blocked by both our consumer and enterprise solutions.

With Bitdefender Total Security and XDR, users and businesses enjoy the best anti-malware protection and threat detection and response against e-threats across all major operating systems. The real-time protection feature included in Bitdefender security solutions safeguards against e-threats, including keyloggers or spyware, viruses, worms, Trojans, ransomware and zero-day exploits, to keep you and your data safe.

Note: This article is based on technical information courtesy of Bitdefender Labs
