FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email. Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It is a .NET-based software originally sold on a hacker forum. Once executed on a victim’s computer, it can steal sensitive data, including saved credentials from web browsers and other popular software, the system clipboard, and basic device information. It can also log keystrokes and capture screenshots.
Below, researchers examine the phishing spam, how it lures the recipient into opening a malicious Excel document, how the Excel document downloads and executes a new variant of Snake Keylogger, and what anti-analysis techniques it uses to protect itself from being detected and blocked during the attack.
Link to full report: IR-24-242-001_SnakeKeylogger.pdf
Comments