US IT firms targeted by Snake Keylogger in new malspam campaign
This week, a fresh malspam campaign that appears to be aimed at enterprise IT decision-makers returned to the threat landscape. On August 23, Bitdefender Antispam Labs learned of an email campaign delivering the notorious Snake Keylogger. It appears to be aimed mainly at US users. The attack, which originated from IP addresses in Vietnam, has already reached thousands of inboxes, according to Bitdefender telemetry.
The threat actors behind this attack impersonate the business portfolio of a reputable Qatari IT provider of cloud storage and security solutions to dupe potential victims into opening a malicious ZIP archive.
Inside the archive (ba8e072f51e1b944bfa3466da15cefa3), the executable COMPANY PROFILE.exe (9df140013f2b8627f7ea911d9767acdc) installs the Snake Keylogger payload on the victim's host. The recorded data is exfiltrated over SMTP.
Snake Keylogger, also known as 404 Keylogger, is an information stealer that can record keystrokes on infected PCs, take screenshots, and copy clipboard contents. It can also monitor keyboard usage. The infamous credential-stealing software can be bought on message boards and dark web marketplaces for a few hundred dollars or less, depending on the level of service the buyer requires.
Most Snake Keylogger attacks are financially motivated, and victims may also be exposed to further crimes, including identity theft and fraud. The credential-stealing malware is also a serious security concern for enterprises because it both harvests data and acts as a spy tool. Threat actors may gain access to high-privilege accounts as a result and carry out more damaging attacks against the company.
In the past, PDFs and Microsoft Office documents (Word and Excel) have been used as lures in Snake campaigns, which makes them particularly effective social engineering vehicles.
The cybercriminals running this campaign expose their victims to serious security and privacy risks, including data held for ransom and financial data exfiltration.
Use security tools to help protect yourself and your company from keylogger attacks, and always verify the origin and legitimacy of correspondence before clicking any links or opening attachments. Install a security solution on your devices, and make sure that two-factor (2FA) or multi-factor (MFA) authentication is used to safeguard accounts. These measures will prevent attackers from accessing your accounts even if your system is compromised.
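As an added illustration of the attachment check the advice above implies (this is not code from Bitdefender's write-up), the following script inspects a ZIP attachment the way a mail gateway or triage analyst would for this campaign: it compares the archive and its members against the two MD5 indicators quoted above, flags members with executable extensions, and looks for the PE "MZ" magic so a dropper hidden behind a harmless extension is still caught. The sample archive it builds is constructed for the demonstration and contains no real malware.

```python
import hashlib
import io
import zipfile

# MD5 indicators quoted in the write-up above: the ZIP archive and the executable inside it.
KNOWN_BAD_MD5 = {
    "ba8e072f51e1b944bfa3466da15cefa3": "malicious ZIP archive",
    "9df140013f2b8627f7ea911d9767acdc": "COMPANY PROFILE.exe (Snake Keylogger dropper)",
}
# Extensions that should never arrive inside a mailed ZIP from an unverified sender.
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate oversized members (zip-bomb guard)

def inspect_zip_attachment(data: bytes) -> list:
    """Flag IoC hash matches, executable member names and PE ('MZ') content,
    including PE files disguised behind a harmless extension."""
    findings = []
    archive_hash = hashlib.md5(data).hexdigest()
    if archive_hash in KNOWN_BAD_MD5:
        findings.append(f"archive md5 matches IoC: {KNOWN_BAD_MD5[archive_hash]}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["attachment is not a valid ZIP"]
    for info in zf.infolist():
        name = info.filename
        if name.lower().endswith(EXEC_EXTENSIONS):
            findings.append(f"executable member: {name}")
        if info.file_size > MAX_MEMBER_BYTES:
            findings.append(f"oversized member skipped: {name}")
            continue
        content = zf.read(info)
        if content[:2] == b"MZ":  # DOS/PE header, regardless of the file name
            findings.append(f"PE header found in member: {name}")
        member_hash = hashlib.md5(content).hexdigest()
        if member_hash in KNOWN_BAD_MD5:
            findings.append(f"member md5 matches IoC: {name} -> {KNOWN_BAD_MD5[member_hash]}")
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample mimicking the lure: a fake PE stub named like the campaign's
    executable, a PE disguised as a PDF, and a harmless text file. Not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("COMPANY PROFILE.exe", b"MZ" + b"\x00" * 62)  # fake PE stub
        zf.writestr("profile.pdf", b"MZ" + b"\x00" * 62)  # PE hiding behind .pdf
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()
```

Hash matching only catches the exact samples listed here, so the extension and magic-byte checks are what give the script value against the next re-packaged variant of the lure.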
Bitdefender users are protected from Snake Keylogger. Bitdefender's spam filter and anti-spam technology both detect this spam campaign.
Our enterprise and consumer solutions both classify the attachment as Trojan.GenericKD.61435093 and block it from being opened.
With Bitdefender Total Security and XDR, users and businesses receive anti-malware protection, threat detection, and response against e-threats across all major operating systems. Bitdefender security solutions provide real-time protection against e-threats such as keyloggers and spyware, viruses, worms, Trojan horses, ransomware, and zero-day exploits to protect you and your data.