IT firms in the US were targeted by the Snake Keylogger campaign

September 12, 2022
Tags: IT Firms, Information Technology, US, Snake Keylogger, Cyberattack, Malware, InfoStealer, Phishing

Researchers have spotted a resurgent Snake Keylogger malspam campaign targeting several IT companies in the US, with the operators' most recent activity recorded last month.

IT firms are advised to review the likely angles of attack, since these threat actors heavily target the IT industry, and the attacks are widely believed to be aimed at acquiring sensitive data from their targets.

According to researchers, the IP addresses used in the attacks were located in Vietnam. The campaign's phishing emails typically target thousands of US inboxes.

The threat actors impersonated the corporate profile of a Qatari information technology and cloud services provider to lure targets into opening a ZIP archive attached to the phishing emails.

The archive contains an EXE file named CPMPANY PROFILE[.]exe, which deploys the payload on the targeted host. The data collected from the host is then exfiltrated to the operators over SMTP.

Cybersecurity experts pointed out that the file name misspells the word “company”, a detail that mail filters and recipients alike should treat as a red flag.
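As an added example (not from the original article or the researchers' report), the following Python script shows how a mail gateway or an analyst triaging a suspicious message might inspect a ZIP attachment like the one described above. It flags archive members with directly executable extensions, members that carry a PE (MZ) header whatever their extension, document-looking double extensions, and file names that are one typo away from common lure words such as "company". The ZIP, its contents and the lure-word list are constructed here for illustration; the MZ bytes are a stand-in, not real malware.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly when the user double-clicks them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".vbs", ".hta", ".ps1", ".msi", ".dll"}

# Document extensions that attackers hide in front of a real executable extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}

# Assumption: a small illustrative list of words that phishing attachment names imitate.
LURE_WORDS = {"company", "profile", "invoice", "payment", "purchase", "order", "quotation"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def near_miss(token: str):
    """Return the lure word that `token` misspells by exactly one edit, or None.
    A correctly spelled lure word is not a typo and returns None."""
    t = token.lower()
    if not t or t in LURE_WORDS:
        return None
    for word in LURE_WORDS:
        if abs(len(word) - len(t)) <= 1 and edit_distance(t, word) == 1:
            return word
    return None


def scan_zip_attachment(data: bytes):
    """Inspect a ZIP attachment and return [(member_name, [reasons])] for suspicious members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            base, dot, ext = name.rpartition(".")
            ext = ("." + ext).lower() if dot else ""
            reasons = []

            if ext in EXECUTABLE_EXTS:
                reasons.append(f"executable extension {ext}")

            # "profile.pdf.exe": a document extension immediately before the real one.
            if "." in base:
                inner = "." + base.rsplit(".", 1)[1].lower()
                if inner in DOCUMENT_EXTS:
                    reasons.append(f"double extension disguising as {inner}")

            # A renamed executable still starts with the PE "MZ" magic.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("PE (MZ) header")

            # Typo-squatted lure words in the file name, e.g. CPMPANY for company.
            for tok in re.split(r"[\s_\-.]+", base):
                word = near_miss(tok)
                if word:
                    reasons.append(f"'{tok}' misspells '{word}'")

            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment: one lookalike executable plus a benign PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Stand-in bytes with only the MZ magic; not a real binary.
        zf.writestr("CPMPANY PROFILE.exe", b"MZ" + b"\x90" * 62)
        zf.writestr("brochure.pdf", b"%PDF-1.4\n%constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip_attachment(build_sample_zip()):
        print(member, "->", "; ".join(why))
```

Run stand-alone, the script reports only CPMPANY PROFILE.exe, with the executable extension, the MZ header and the misspelling of "company" as the reasons; the PDF passes. The MZ check matters because renaming the payload to something like "profile.pdf" defeats an extension-only rule but not a magic-byte check.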

Snake Keylogger is an information stealer with several capabilities.

Snake Keylogger, also known as 404 Keylogger, is an information-stealing malware that harvests credentials and other sensitive data, including clipboard contents, from compromised systems. It can also capture screenshots and log keystrokes.

Researchers first spotted this infostealer a couple of years ago, and it has been sold on underground hacking marketplaces for a hundred dollars or less.

Researchers also noted that Snake Keylogger attacks are financially motivated, with victims typically facing identity theft and fraud. Recently, the operators of this infostealer have been seen abusing MS Office documents and PDFs in their social engineering attacks.

To stay protected against keylogger attacks, cybersecurity experts recommend that users verify the sender's email address before opening attachments or following links, enable 2FA on their accounts to prevent attackers from taking them over, use a reliable security solution, and keep all applications updated.
