Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger.
Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It is a .NET-based software originally sold on a hacker forum. Once executed on a victim’s computer, it has the ability to steal sensitive data, including saved credentials from web browsers and other popular software, the system clipboard, and basic device information. It can also log keystrokes and capture screenshots.
Read more…
Source: Fortinet
Related:
- xHunt Campaign: New Watering Hole Identified for Credential Harvesting
January 27, 2020
During the analysis of the xHunt campaign activities, we identified a Kuwaiti organization’s webpage used as an apparent watering hole. The webpage contained a hidden image which was observed between June and December 2019, and referenced domains associated with malicious activity conducted by the xHunt campaign operators. We believe that the same threat actors involved in ...
- An Inside Look into Microsoft Rich Text Format and OLE Exploits
January 24, 2020
There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016, browsers tended to be the most common attack vector to exploit and infect machines but now Microsoft Office applications are preferred, according to a report published here during March 2019. Increasing use of Microsoft Office as a ...
- Nice Try: 501 (Ransomware) Not Implemented
January 24, 2020
Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit this vulnerability and the post-compromise deployment of the previously unseen NOTROBIN malware family by one threat actor. FireEye continues to actively track multiple ...
- U.S. Government Agency Targeted With Malware-Laced Emails
January 23, 2020
A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,” involved six unique malicious document lures being sent as attachments from four different Russian email addresses to 10 ...
- Shlayer Trojan attacks one in ten macOS users
January 23, 2020
For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into ...
- European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
January 23, 2020
Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting IT networks to physical control systems used in electric utilities, manufacturing, and oil refineries. We ...