The malware hides in a phishing Excel document.
Recently, FortiGuard Labs, the research arm of Fortinet, documented a new phishing campaign that spreads malware through an attached Excel document. The analysis showed that this document delivers a new version of Snake Keylogger, a dangerous data-stealing program.
Snake Keylogger, also known as "404 Keylogger" or "KrakenKeylogger", is a tool sold on hacker forums on a subscription model. Written in .NET, this software has many capabilities for collecting sensitive information, including credentials from web browsers and other popular programs, clipboard content, and basic system information. Snake Keylogger can also record keystrokes and take screenshots.
A phishing attack begins with an email that is designed to trick the recipient into opening an attached Excel file called "swift copy.xls". The email claims that funds have been received in the user's account, prompting them to open the file to verify the details. FortiGuard already recognizes this email as a threat and marks it with '[virus detected]'.
When the Excel file is opened, malicious code is activated, which downloads and runs a new version of Snake Keylogger. Attackers use the CVE-2017-0199 vulnerability to download a malicious file via a hidden link in the document.
Once successfully launched on the victim's computer, Snake Keylogger ensures its stealth and persistence through the use of sophisticated encryption and cloaking techniques. The software is embedded in system processes and remains undetected by antivirus solutions. The main functions of Snake Keylogger include collecting system data, stealing credentials from various applications, and emailing this data to the attacker.
To protect your devices and networks from these attacks, Fortinet recommends that you regularly update your security software and receive cybersecurity training.
Source
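For defenders triaging attachments like the one described above, a heuristic check can flag legacy `.xls` files that carry embedded external URLs. This is an added example, not code from the post or from Fortinet; the function names and sample bytes are constructed, and a URL inside a workbook is a reason for review, not proof of CVE-2017-0199.

```python
import re

# Header of the OLE2 compound file format used by legacy .xls workbooks
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Characters allowed in the URL body; strings inside OLE2 streams may be
# stored as ASCII or as UTF-16LE (each character followed by a NUL byte).
_URL_CHARS = rb"[A-Za-z0-9._~:/?#@!$&'()*+,;=%\[\]-]"
ASCII_URL = re.compile(rb"https?://" + _URL_CHARS + rb"{4,}", re.I)
WIDE_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + _URL_CHARS + rb"\x00){4,}",
    re.I,
)


def embedded_urls(data: bytes) -> list[str]:
    """Return every http(s) URL found in the raw bytes, in either encoding."""
    found = {m.group().decode("ascii") for m in ASCII_URL.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in WIDE_URL.finditer(data)}
    return sorted(found)


def triage_attachment(name: str, data: bytes) -> dict:
    """Flag OLE2 attachments that reference external URLs for analyst review."""
    is_ole2 = data.startswith(OLE2_MAGIC)
    urls = embedded_urls(data) if is_ole2 else []
    return {"name": name, "ole2": is_ole2, "urls": urls,
            "review": is_ole2 and bool(urls)}


# Constructed sample inputs (not real workbooks): an OLE2 header followed by
# filler bytes and placeholder URLs on the reserved .invalid domain.
SAMPLE_LINKED = (
    OLE2_MAGIC + b"\x00" * 16
    + "https://files.example.invalid/doc".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02 http://example.invalid/a \x00"
)
SAMPLE_PLAIN = OLE2_MAGIC + b"\x00" * 64
SAMPLE_NOT_OLE = b"PK\x03\x04 http://example.invalid/a "

if __name__ == "__main__":
    for label, blob in [("linked.xls", SAMPLE_LINKED),
                        ("plain.xls", SAMPLE_PLAIN),
                        ("other.zip", SAMPLE_NOT_OLE)]:
        print(triage_attachment(label, blob))
```

Flagged files should go to a sandbox or an analyst before delivery; the scan reads raw bytes only and never opens the workbook in Excel.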