
A sophisticated variant of Snake Keylogger malware has emerged, targeting Windows users across China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs reports over 280 million blocked infection attempts globally since early 2023.
Key Features and Distribution:
– Spreads through phishing emails containing malicious attachments or links
– Steals sensitive information from Chrome, Edge, and Firefox browsers
– Captures keystrokes, credentials, and clipboard content
– Transmits stolen data via SMTP and Telegram bots
Technical Implementation:
– Utilizes AutoIt scripting language to evade detection
– Deploys as “ageless.exe” in “%Local_AppData%\supergroup”
– Maintains persistence through “ageless.vbs” in Windows Startup folder
– Employs the process hollowing technique, injecting into legitimate .NET processes
– Uses the SetWindowsHookEx API for keystroke logging
– Determines the victim’s location by checking their public IP address
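As an added defender-side illustration (not code from Fortinet’s or CloudSEK’s reports), the Python below triages constructed process-creation records for the persistence and loading chain listed above: a script host running a .vbs from the Startup folder, an executable under %LOCALAPPDATA%\supergroup, and a .NET framework binary spawned from that drop directory. The record fields, the sample paths and the name placeholder_host.exe are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """Constructed, simplified process-creation record (hypothetical, not a real log schema)."""
    pid: int
    image: str          # full path of the newly created process
    cmdline: str        # its command line
    parent_image: str   # full path of the parent process

# Indicators named in the summary above. %Local_AppData% normally expands to ...\AppData\Local.
DROP_DIR = re.compile(r"\\AppData\\Local\\supergroup\\", re.IGNORECASE)
STARTUP_VBS = re.compile(r'\\Start Menu\\Programs\\Startup\\[^\\"]+\.vbs', re.IGNORECASE)
# Directory of legitimate .NET Framework binaries, the kind of host the report says is hollowed.
DOTNET_DIR = re.compile(r"\\Microsoft\.NET\\Framework(64)?\\", re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return (pid, reason) pairs for events that match a step of the described chain."""
    findings = []
    for e in events:
        if DROP_DIR.search(e.image):
            findings.append((e.pid, "process image under %LOCALAPPDATA%\\supergroup"))
        if _name(e.image) in SCRIPT_HOSTS and STARTUP_VBS.search(e.cmdline):
            findings.append((e.pid, "script host running a .vbs from the Startup folder"))
        if DOTNET_DIR.search(e.image) and DROP_DIR.search(e.parent_image):
            findings.append((e.pid, ".NET framework binary spawned from the drop directory (possible hollowing)"))
    return findings

# Constructed sample: one benign process and three steps of the reported chain.
STARTUP = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
DROPPER = r"C:\Users\u\AppData\Local\supergroup\ageless.exe"
SAMPLE = [
    ProcEvent(100, r"C:\Windows\System32\notepad.exe", "notepad.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(200, r"C:\Windows\System32\wscript.exe",
              f'wscript.exe "{STARTUP}\\ageless.vbs"', r"C:\Windows\explorer.exe"),
    ProcEvent(201, DROPPER, f'"{DROPPER}"', r"C:\Windows\System32\wscript.exe"),
    # placeholder_host.exe stands in for whichever legitimate .NET utility is actually hollowed.
    ProcEvent(202, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\placeholder_host.exe",
              "placeholder_host.exe", DROPPER),
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE):
        print(pid, reason)
```

Each rule fires on a different step of the chain, so a host that hits two or three of them in sequence is a much stronger signal than any single match.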
Related Threats:
CloudSEK has identified a parallel campaign using compromised educational infrastructure to distribute Lumma Stealer malware, targeting finance, healthcare, technology, and media sectors. The attack chain involves:
– Malicious LNK files disguised as PDFs
– WebDAV server redirects
– PowerShell commands
– Obfuscated JavaScript code
– Data exfiltration through Telegram bots
The increasing sophistication of these attacks highlights the evolving nature of cyber threats and the importance of robust security measures.