Security researchers are warning of dangerous malware that targets Windows systems. It’s a keylogger that monitors and copies keystrokes on devices in order to intercept passwords and other typed data.
As Fortinet reports, this new variant of the Snake keylogger (also known as 404 Keylogger) is said to have been responsible for over 280 million attack attempts since the beginning of this year alone.
That’s only the number of attempts Fortinet has been able to investigate, by the way. The number of unreported cases could be much higher.
Millions of attacks every day
At peak times, the Snake keylogger has been detected making up to 14 million infection attempts per day. Not only does it log your keystrokes, but it can also discern other personally identifiable information by, for example, using web tools to retrieve your geolocation.
Once the malware has stolen your credentials and other sensitive data, it uploads all of that information back to its command server through channels like SMTP, Telegram bots, and HTTP POST requests.
The aim is always to capture passwords, bank details, and other details to be transmitted back to the attackers. Specialized modules that can also read browser autofill systems are used for this purpose. Experts rate the risk for private individuals and organizations as “high.”
How does Snake work?
The Snake keylogger is based on AutoIt, a binary program that’s used to automate processes under Windows. The malware is therefore presumably designed specifically for Windows systems.
Once Snake lands on a system, it immediately creates a copy of itself in the Windows Startup folder, thus ensuring that it’s executed again on every restart. Even if your PC is shut down, it will return when you boot it back up again. No admin rights are required to run the program.
In addition, this variant of the keylogger is said to have sophisticated binary files for obfuscation, which make detection by antivirus apps more difficult. The malicious code itself is hidden in processes that the system classifies as trustworthy.
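Because the persistence described above relies on the Startup folder, that folder is a quick place to check. The following read-only PowerShell audit is an added example, not code from Fortinet or this article; it lists every entry in the per-user and all-users Startup folders, resolves shortcuts to their targets, and reports signature status and SHA-256. The list of directly executable extensions is an assumption chosen for illustration.

```powershell
# Added example: read-only audit of the Windows Startup folders.
# The per-user folder is writable without admin rights, which is why it is a common persistence spot.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Assumption: file types that run directly at logon. A normal Startup folder
# holds mostly .lnk shortcuts, so a raw executable or script deserves a look.
$directRun = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd',
             '.vbs', '.vbe', '.js', '.jse', '.wsf', '.ps1', '.hta'

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object Name -ne 'desktop.ini' |
        ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # Resolve the shortcut so the real payload is examined, not the link file
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            $exists = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
            $sig = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $target).Status
            } else {
                'TargetMissing'
            }
            $isDirect = $directRun -contains $_.Extension.ToLower()
            [pscustomobject]@{
                Entry       = $_.FullName
                Target      = $target
                Created     = $_.CreationTime
                DirectRun   = $isDirect
                Signature   = $sig
                NeedsReview = $isDirect -or ($sig -ne 'Valid')
                Sha256      = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash }
            }
        }
}

# Newest entries first: a file that appeared shortly after a suspicious email stands out
$findings | Sort-Object Created -Descending | Format-List
```

An entry marked `NeedsReview` is not proof of infection; plenty of legitimate software is unsigned, so treat the output as a shortlist for a closer look with your antivirus product.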
What you can do to protect yourself
Like most other malware, the Snake keylogger lands on target systems primarily through phishing attacks — and all kinds of exotic phishing scams are on the rise worldwide.
You should therefore take special care to ensure that your data (e.g., email addresses) isn’t passed on to third parties so that you don’t become the target of phishing campaigns in the first place.
As always, you should also make sure that you never click on links or open attachments in emails from unknown or unexpected senders. Always question the sender’s intentions.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.