SnakeKeylogger, a classy multistage malware, has emerged as a major menace to each people and companies by focusing on delicate login credentials.
This malware marketing campaign is characterised by its stealthy in-memory execution and multi-stage an infection chain, making it difficult to detect.
The assault begins with a malicious spam e-mail containing a .img file attachment, which, when opened, creates a digital drive.
Inside this drive, an executable file masquerades as a PDF doc, growing the probability of it being opened by unsuspecting recipients.
Assault Chain and Methods
The malware follows a scientific method to reap credentials and different delicate knowledge.
Upon execution, the preliminary stage acts as a downloader and loader, connecting to a distant server to fetch encoded payloads disguised as media recordsdata.
In line with the Report, these payloads are decrypted in reminiscence, avoiding disk-based detection.
The malware then hundreds obfuscated DLLs into reminiscence and injects malicious code into authentic processes, comparable to these associated to the .Internet Framework.
Particularly, it targets InstallUtil.exe utilizing course of hollowing, a way the place a authentic course of is spawned, its reminiscence is unmapped, and malicious code is injected earlier than resuming execution.
Targets and Impression
SnakeKeylogger targets a variety of functions to steal delicate knowledge, together with net browsers like Google Chrome, Mozilla Firefox, and e-mail shoppers comparable to Microsoft Outlook and Thunderbird.
It additionally extracts saved FTP credentials from FileZilla.
The malware accesses vital registry areas to extract e-mail account particulars and configurations, doubtlessly compromising e-mail accounts and bypassing multi-factor authentication.
The stolen credentials can be utilized for enterprise e-mail compromise, additional intrusions, or offered on underground markets.
The attackers keep a secure infrastructure for internet hosting and updating encrypted malicious payloads, typically utilizing Apache servers.
This permits them to seamlessly distribute and replace their malware, making it tough for safety techniques to maintain tempo.
The usage of file format deception, course of hollowing, and encrypted payload execution are key ways employed by SnakeKeylogger to evade detection and make sure the success of its credential-stealing mission.
Examine Actual-World Malicious Hyperlinks & Phishing Assaults With Risk Intelligence Lookup – Attempt for Free