Snake Keylogger is a relatively new credential stealer and keylogger that was first discovered in the wild in November 2020. The malware is written in .NET and is a modular malware. Some of its key capabilities include keylogging, stealing saved credentials, taking screenshots, and collecting data from clipboards to be sent to the attacker.
Snake Keylogger is a malware that is commonly spread via phishing and spear phishing campaigns. A malicious Office document or PDF is attached to the email. If the recipient opens the document and enables macros or uses a vulnerable version of Office or a PDF reader, then the malware is executed.
The malware embedded in the document is typically a downloader. It uses PowerShell scripts to download a copy of Snake Keylogger to the infected system and execute it.
Snake Keylogger poses a significant threat to corporate and personal cybersecurity. In October 2022, the malware was the second most common malware variant in operation behind AgentTesla.
Snake Keylogger’s purpose is to collect account credentials for use in account takeover attacks. Some of the ways in which it accomplishes this include:
After collecting credentials from the system, the Snake Keylogger malware sends the information to the malware operator. One means for data exfiltration includes using the SMTP protocol, sending emails containing information about the infected system and any extracted credentials.
Snake Keylogger poses a significant threat to account security and corporate cybersecurity. The malware collects user credentials from various sources, which can be used to take over user accounts.
However, organizations can protect themselves and their employees against credential stealing malware in various ways. Some malware security best practices include the following:
Snake Keylogger is currently one of the leading malware variants, the second most common in October 2022. However, it is only one of the cyber threats that organizations face. Learn more about the current state of the cyber threat landscape and how to protect yourself in Check Point’s 2022 Cyber Security Report.
Check Point Harmony Endpoint provides comprehensive protection against Snake Keylogger and other malware threats that companies face. Harmony Endpoint has access to real-time threat intelligence via an integration with Check Point ThreatCloud. This enables it to identify and respond to the latest malware campaigns and evolving threats.
Snake Keylogger is a dangerous malware variant that can result in a data breach or other significant cybersecurity incident. Learn more about how Check Point Harmony Endpoint can help to improve your organization’s defenses against credential stealers and other malware by signing up for a free demo today.