Snake Keylogger

Description

Snake Keylogger, formerly known as 404 Keylogger, is a popular .NET-based keylogging Trojan that was first reported in late 2019. In addition to recording keystrokes, it can also steal saved credentials from web browsers, email clients and other applications, capture screenshots, and steal files. Because Snake Keylogger is readily available as Malware-as-a-Service (MaaS) on darknet marketplaces and underground hacking forums, it is used by a wide range of threat actors, including APT groups. Note that Snake Keylogger is different from the Snake malware attributed to the alleged Russian APT group "Turla", also known as Secret Blizzard, Waterbug, and Venomous Bear.

Common Vulnerabilities and Exposures

Targeted Industries

  • Education
  • Finance
  • Government
  • Healthcare
  • Manufacturing
  • Technology

Known Tools Used

  • Browser credential stealers
  • Email client extractors
  • File exfiltration modules
  • Keylogging components
  • Screenshot capture tools

Known Infection Vectors

  • Compromised software installers
  • Malicious email attachments
  • Phishing links
  • USB/drive-by attacks
  • Watering hole attacks


Active CVEs