A new variant of Snake Keylogger is targeting Windows systems in Asia and Europe. It uses the AutoIt scripting language to obfuscate its presence, which makes it harder for traditional antivirus software to detect. Once installed via a malicious email attachment, it logs keystrokes, captures screenshots, and steals sensitive data, which it sends to the attacker through various methods. Fortinet's research highlights the sophistication of this variant, which ensures persistence on infected systems and complicates analysis for security professionals.
"The use of AutoIt not only complicates static analysis by embedding the payload within the compiled script but also enables dynamic behavior that mimics benign automation tools."
"Once this software nasty gets onto a victim's PC, typically as an attachment to a spam email, this variant logs keystrokes, captures screenshots of the desktop, and collects clipboard data to steal credentials."
"Snake Keylogger funnels the loot to its command-and-control server using SMTP email, Telegram bots, and HTTP POST requests."
"The new variant's executable file is an AutoIt-compiled binary, designed to unpack and run the keylogger when opened."