Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks

Summary: Seqrite Labs reports on a malicious campaign using SnakeKeylogger, an advanced info-stealing malware, which employs a multi-stage infection chain and stealthy execution methods to extract sensitive data from victims. The infection begins with malicious spam emails that contain disguised executable files, leading to the deployment of sophisticated payloads that evade detection. This evolving threat exemplifies the growing complexity of malware strategies, emphasizing the need for robust security measures.

Affected: Organizations susceptible to info-stealers and malware infections

Key points:

  • SnakeKeylogger uses deceptive spam emails with .img attachments to initiate its infection process.
  • The malware employs a multi-stage infection chain involving an executable that downloads further malicious payloads from a remote server.
  • Sophisticated techniques like process hollowing allow the malware to inject itself into legitimate processes, enabling it to steal data from various applications such as browsers, email clients, and chat apps.
  • The campaign operates within a Malware-as-a-Service model, routinely updating payloads to maintain effectiveness against security defenses.
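
A mail-gateway triage check for the delivery stage described in the key points, as an added example that is not from the Seqrite report or this page: it flags disk-image attachments by extension and by ISO 9660 content signature, so a renamed image is still caught. The function names, the sample message builder, and the extensions other than .img are assumptions.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# .img is the attachment type named in the report; the other disk-image
# extensions are an added generalization (assumption).
DISK_IMAGE_EXTS = {".img", ".iso", ".vhd", ".vhdx"}
# ISO 9660 primary volume descriptor: sector 16 (2048-byte sectors),
# identifier "CD001" starts one byte into the descriptor.
ISO9660_OFFSET = 0x8001
ISO9660_MAGIC = b"CD001"


def looks_like_iso9660(data: bytes) -> bool:
    return data[ISO9660_OFFSET:ISO9660_OFFSET + 5] == ISO9660_MAGIC


def triage_attachments(raw: bytes) -> list:
    """Return one finding per attachment that is, or looks like, a disk image."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so normalise before matching.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        reasons = []
        if ext in DISK_IMAGE_EXTS:
            reasons.append(f"disk-image extension {ext}")
        if looks_like_iso9660(payload):
            reasons.append("ISO 9660 signature in content")
        if reasons:
            findings.append({"filename": name, "reasons": reasons})
    return findings


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message; addresses and subject are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Payment advice"
    m.set_content("Please see attached.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```
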

Source: https://securityonline.info/snakekeylogger-stealthy-malware-targets-credentials-in-sophisticated-attacks/