Thanks to recent research by Any.run it was possible to identify an infostealer rather singularly named Snake.
What makes this malware, which is active on Windows, particularly fearsome is its wide range of capabilities. Besides recording the keystrokes typed by the user, it works by taking control of the PC and obtaining additional data such as:
- access to software and platforms used by the victim;
- the victim's IP address;
as well as having functions that allow it to exfiltrate data via FTP, SMTP and Telegram. Although a version of this infostealer had already been discovered in 2020 (at the time known as 404 Keylogger), this latest version is even more flexible and fearsome.
Once it infects a system, Snake malware acts silently
The Snake attack starts with a malicious email. This is sent with a Bolivian customs reference and a BMW logo, prompting the user to download the attached file.
The attached file appears as pago 4094.r09, which actually conceals pago 4094.exe. To test this executable, cybersecurity analysts intentionally stored fake credentials in Chrome and Edge to study how Snake behaves once activated.
After the fake credentials were saved, running pago 4094.exe makes the file disappear, spawns the process “C:\Users\admin\Desktop\pago 4094.exe” and drops the file tmpG484.tmp in “C:\Users\admin\AppData\Local\Temp” to establish persistence. From this point, Snake works discreetly and silently to gather information, steal credentials and exfiltrate data without showing any symptoms.
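As an added illustration of how a defender might look for the chain just described, the following Python correlates constructed Sysmon-style events (not real telemetry, and not Any.run's code): a process launched from the user's Desktop, a .tmp drop in the local Temp folder, and an outbound connection on an exfiltration channel. The Telegram host and the FTP/SMTP port set are assumptions about the channels the article names.

```python
"""Correlate constructed Sysmon-style events to flag behaviour matching
the Snake chain: Desktop-launched process, tmp*.tmp drop in
%LocalAppData%\\Temp, and an outbound FTP/SMTP/Telegram connection."""
import re
from collections import defaultdict

# Constructed sample events (not real telemetry). Paths follow the
# article; the Telegram host and ports are assumptions about the channel.
EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Users\admin\Desktop\pago 4094.exe"},
    {"type": "file", "pid": 4120, "path": r"C:\Users\admin\AppData\Local\Temp\tmpG484.tmp"},
    {"type": "net", "pid": 4120, "dst": "api.telegram.org", "port": 443},
    {"type": "process", "pid": 5010, "image": r"C:\Users\admin\Desktop\notes.exe"},
    {"type": "net", "pid": 5010, "dst": "update.example.com", "port": 443},
    {"type": "process", "pid": 6000, "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "file", "pid": 6000, "path": r"C:\Users\admin\AppData\Local\Temp\tmpA1.tmp"},
]

# An .exe started directly from a user's Desktop (the lure drop location).
DESKTOP_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\Desktop\\[^\\]+\.exe$", re.I)
# A tmp*.tmp file written into the user's local Temp directory.
TEMP_DROP_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\tmp[^\\]+\.tmp$", re.I)
EXFIL_PORTS = {21, 25, 465, 587}        # assumed FTP / SMTP ports
EXFIL_HOSTS = {"api.telegram.org"}     # assumed Telegram bot API host

def is_exfil_channel(dst: str, port: int) -> bool:
    """True when the destination looks like one of the named exfil channels."""
    return port in EXFIL_PORTS or dst.lower() in EXFIL_HOSTS

def detect_snake_chain(events):
    """Return the pids that show all three stages. A lone Temp drop by a
    system process, or a Desktop exe with ordinary HTTPS traffic, does not fire."""
    stages = defaultdict(set)
    for ev in events:
        if ev["type"] == "process" and DESKTOP_RE.match(ev["image"]):
            stages[ev["pid"]].add("desktop_exec")
        elif ev["type"] == "file" and TEMP_DROP_RE.match(ev["path"]):
            stages[ev["pid"]].add("temp_drop")
        elif ev["type"] == "net" and is_exfil_channel(ev["dst"], ev["port"]):
            stages[ev["pid"]].add("exfil_channel")
    required = {"desktop_exec", "temp_drop", "exfil_channel"}
    return sorted(pid for pid, seen in stages.items() if required <= seen)

if __name__ == "__main__":
    print(detect_snake_chain(EVENTS))  # [4120]
```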
How to avoid this malware?
Security experts wanted to offer some guidance to avoid this type of infection.
In a business context it is important to keep employees informed about the potential risks of the Web. More specifically, a very cautious approach to suspicious emails (especially those containing links or attachments) is critical.
At the same time, a quality antivirus, kept constantly updated, is now almost obligatory. Finally, the use of multi-factor authentication and a good dose of caution should help drastically reduce the risks associated with this malware and other similar malicious agents.