FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email. Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It is .NET-based software originally sold on a hacker forum. Once executed on a victim’s computer, it can steal sensitive data, including saved
A new malware-as-a-service option for cybercriminals known as BunnyLoader was released on September 4th, 2023. It has since seen a variety of updates and has reached version 2.0. As one might expect from any number of the “as a service” monikers, malware-as-a-service is a business model for cybercriminals. Under this model, malware and its associated infrastructure are provided to customers for a fee. This can also be seen as a variation on the software-as-a-service model.
Thos
EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service. It was developed by Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer.
Based on our traffic source data to the host, evilextractor[.]com, malicious activity increased si
Keyloggers have been around for decades. They have constantly adapted to the changing technology landscape and remain an effective method used by attackers to obtain information about computer users. In this report we take a look at what keyloggers do, how they have changed, and what keyloggers to look out for going forward.
Keyloggers are software or hardware devices used to record keyboard inputs by users on a computer. They were originally invented for corporations to monitor employee comput
A recently discovered Mobile Remote Access Trojan (MRAT) can take control of infected Android devices and exfiltrate a multitude of user data. Called Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.
Triangulum first shared a mobile RAT on a dark web forum in June 2017. The threat was capable of data exfiltration, but could also destroy data locally, and even e