Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets

Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots. In an alert this month, Fortinet's FortiGuard Labs warned of an uptick in SnakeKeylogger infections. Once running on someone's PC, this malware records the victim's …

  1. Alumoi Silver badge
    Joke

    I've heard it before

    Once running on someone's PC, this malware records the victim's keystrokes as they log into things, fishes usernames and passwords out of their files, and takes screenshots to snoop on people, and then sends all that sensitive info to fraudsters.

    Windows Recall, if my memory serves me well.

    1. Ramis101

      Re: I've heard it before

      Beat me to it. Have a pint on me!

  2. druck Silver badge

    Malware.NET?

    I find it incredulous that malware is being written using .NET, wouldn't anyone notice the multi-gigabyte download to get the correct exact version of the .NET framework any program using it requires?

    1. Pascal Monett Silver badge
      Trollface

      Re: Malware.NET?

      Yeah, but we're talking about malware writers, not Windows coders. Malware writers are still intent on minimal footprint.

      That's something Redmond has forgotten about ages ago.

    2. MatthewSt Silver badge

      Re: Malware.NET?

      They probably would if this was 2014, but the framework now comes in at 55 MB and supports tree shaking to only ship the bits you're using.

      1. druck Silver badge

        Re: Malware.NET?

        To be fair that is probably the last time I wrote anything using .NET (only C# with Mono after that experience).

  3. Long John Silver
    Pirate

    Beware the beasts lurking in the Windows jungle

    The first operating system (OS) encountered by most individuals is Windows. That's inevitable given Windows' ubiquity in schools, colleges, and workplaces. Home users, educational establishments, government agencies, and businesses, are cleverly locked-in by Microsoft's marketing strategy. Few users explore alternatives to Windows.

    Disregarding Android, some alternative OSes are inherently more secure against intrusion, but their main advantages rest upon their, relative to Windows, small user bases. Home users of Windows are particularly vulnerable because their connection to the Internet lacks mediation by a local server, with supporting staff, configured to filter out some threats and to ensure that individual workstations are properly set up.

    For three reasons, it's not worth the bother of crooks (security services are a different consideration) trying to grab personal information from non-Windows home users. First, a paucity of such users. Second, the 'demographic' of that category most likely differs considerably from Windows users with respect to where, and how, on the Internet they might expose themselves to risk. Third, it's not worth the bother for crooks to learn the intricacies and particular modalities of vulnerability of multiple OSes when one suffices for their purposes.

    The versions of Windows intended for home use are packed with garish gizmos and blandishments to buy products from Microsoft and its 'trusted partners'; updates and security fixes in need themselves of being 'fixed' soon after add to the joy of wandering through the jungle. Predatory beasts lying in wait to consume credit card details and blackmail materials add to the je ne sais quoi of the experience.

    “The Lord Giveth and the Lord Taketh Away” – Job 1:21 (KJV). Unto virus eradicator vendors, He giveth prosperity. Everything balances in the end.

    1. chivo243 Silver badge
      Thumb Up

      Re: Beware the beasts lurking in the Windows jungle

      Now I have Bungle in the Jungle running through my head...

    2. Diogenes8080

      slipping monopoly

      Beware of that equation shifting for macOS given the probable higher reward of successfully phishing a Mac user. The iCloud platform has also become more of a target / enabler in recent years.

  4. cyberdemon Silver badge
    Pirate

    PDFs?

    Does anyone know what is the mechanism for embedding executable code into a PDF? The format is -supposed- to make that impossible, isn't it?

    If it exploits a specific weakness in one PDF reader tool or library, (e.g. Adobe Acrobat) I could understand - but then (hopefully) the file would just appear as corrupted if opened in any other PDF reader (e.g. SumatraPDF)?

    1. ThatOne Silver badge

      Re: PDFs?

      Not an IT person, but Acrobat PDF does have a scripting language (you can't be really dangerous without one), with which you probably can add a "feature" to silently download and install something when the host document is opened. Opening that document on a reader without script capacities will work just the same, but won't install anything.

      Disabling scripting is the first thing I do when I meet a PDF reader (any PDF reader, on any OS).

      1. Tony W

        Re: PDFs?

        Thanks for that! It didn't occur to me that opening a PDF with an Android app could start JavaScript on my phone. Nor that that would be enabled by default.

        What I find annoying is rules for blocked types of email attachments. Outlook has rules, Gmail different (but largely overlapping) rules. (Neither block pdf, I think.) Other mail systems are different again. Some scan inside zip and gz, some look inside all files. Every so often there's a file type I try to attach and get caught by.

        1. Anonymous Coward
          Anonymous Coward

          Re: PDFs?

          > It didn't occur to me that opening a PDF with an Android app could start JavaScript on my phone

          Apart from Linux, Android is the least insecure OS in handling PDF embedded JavaScript.

        2. ThatOne Silver badge

          Re: PDFs?

          > What I find annoying is rules for blocked types of email attachments.

          The only solution for that issue is to use an email client which doesn't take initiatives like "oh, here is a suspicious file, let me install it for you". One which will allow you to manage any part of the email like an adult, neither hiding uncomfortable truths nor assuming you're a moron who can't decide what to do on your own.

          I've been using Pegasus Mail for the last 20 years, both on Windows and now on Linux (thanks to a glass of Wine). It's not very sexy, it requires some fiddling, but there is little it can't do (as far as I am concerned; YMMV). It definitely won't open/download/install anything without me telling it to, and it has no JavaScript support! It won't even display HTML unless asked to... It allows me to open and analyze any suspicious email without too much fear.
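The PDFs? sub-thread above asks how a PDF can carry executable behaviour and notes that disabling scripting in the reader is the first defence. The following is an added example, not code from the original thread or from any of the commenters: a small Python triage scanner that inspects a PDF's raw bytes for the name objects the PDF syntax uses to attach scripts and automatic actions (/OpenAction, /AA, /JavaScript, /JS, /Launch and similar), so the check can be run before a file is ever opened in a reader. It goes a little beyond the JavaScript case the commenters discuss by covering the other action types too. It assumes only the published PDF syntax; the two sample documents are constructed inline and are not real samples. One caveat it handles: PDF names may be written with #xx hex escapes (so /J#61vaScript is the same name as /JavaScript), and objects packed into compressed object streams (/ObjStm) are invisible to a raw byte scan, so the scanner reports both conditions rather than silently missing them.

```python
"""Raw-byte triage of PDF files for script and auto-run indicators.

Added example (hypothetical helper, not the thread's or any vendor's code).
Looks for PDF name objects that attach active content, resolving #xx
escapes in names and warning when compressed object streams hide content.
"""
import re

# Name objects from the PDF specification that attach scripts, automatic
# actions or external content. Their presence is not proof of malice
# (forms and legitimate documents use some of them), but each is a reason
# not to open the file with scripting enabled.
ACTIVE_NAMES = {
    "/JavaScript": "JavaScript action",
    "/JS": "inline or stream JavaScript code",
    "/OpenAction": "action executed when the document is opened",
    "/AA": "additional actions (page/form event triggers)",
    "/Launch": "action that launches an external program",
    "/EmbeddedFile": "embedded file attachment",
    "/URI": "action that opens a URL",
    "/SubmitForm": "action that posts form data to a URL",
}
AUTO_RUN_NAMES = ("/OpenAction", "/AA")
SCRIPT_NAMES = ("/JavaScript", "/JS")

# A PDF name runs from '/' to the next whitespace or delimiter character.
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
_HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes so b'/J#61vaScript' compares equal to '/JavaScript'."""
    unescaped = _HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return unescaped.decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count occurrences of each active-content name in the raw file bytes."""
    counts: dict = {}
    for match in _NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def assess(data: bytes) -> dict:
    """Summarise the scan: what was found, a verdict, and whether the scan is blind."""
    counts = scan_pdf_bytes(data)
    auto_run = any(n in counts for n in AUTO_RUN_NAMES)
    script = any(n in counts for n in SCRIPT_NAMES)
    if auto_run and script:
        verdict = "auto-running script"
    elif script:
        verdict = "script present"
    elif counts:
        verdict = "active content"
    else:
        verdict = "no active content seen"
    # Objects inside compressed object streams are not visible to a raw scan;
    # a clean result on such a file means "not seen", not "absent".
    opaque = any(decode_name(m.group(0)) == "/ObjStm" for m in _NAME_RE.finditer(data))
    return {"counts": counts, "verdict": verdict, "has_object_streams": opaque}


# Constructed sample documents (minimal, not derived from any real file).
CLEAN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
ACTIVE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    # The action type name is written with a #xx escape; a naive substring
    # search for "/JavaScript" would miss it, decode_name() does not.
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_PDF), ("active", ACTIVE_PDF)):
        result = assess(doc)
        print(f"{label}: {result['verdict']} {result['counts']}")
        if result["has_object_streams"]:
            print("  note: file uses object streams; raw scan may be incomplete")
```

Run against a real file with `assess(open(path, "rb").read())`. When `has_object_streams` is true the honest answer is "not visible to this scan", and the file should be inflated with a proper PDF parser before trusting a clean result.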

  5. Anonymous Coward
    Boffin

    Analyzing Snake Keylogger in ANY.RUN: a Full Walkthrough

    Analyzing Snake Keylogger in ANY.RUN: a Full Walkthrough

    “Emails are a common communication method but also a major vector for cyber threats”

    ‘Opening “32b4f238-3516-b261-c3ae-0c570d22ee18.eml” on Windows 11’s Microsoft Outlook showed the email contents …’

    ‘… The email body shows the sender attempting to convince the recipient to download and open the email attachment by referencing the “client” …’

    ‘… Downloading and opening “pago 4094.r09” in WinRAR shows the existence of an Application called “pago 4094.exe”:’
