Attacks with a new, more sophisticated iteration of the Snake Keylogger information-stealing malware have predominantly targeted Windows systems in Asia and Europe, according to The Register.
Although it has the same keystroke logging, screenshot capturing, and clipboard data gathering capabilities as earlier versions, the new Snake Keylogger variant leverages an AutoIt-compiled binary as an executable file, which allows more effective concealment of malicious activity, a report from Fortinet FortiGuard Labs showed. On execution, the updated Microsoft .NET-based data stealer also copies itself and applies further obfuscation before deploying another file that supports automated execution of Snake Keylogger upon system reboot. "This method is commonly used because the Windows Startup folder allows scripts, executables, or shortcuts to run without requiring administrative privileges. By leveraging this technique, Snake Keylogger can maintain access to the compromised system and re-establish a foothold even if the malicious process is terminated," said Fortinet FortiGuard Labs researcher Kevin Su.
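For defenders, the Startup-folder persistence described above can be audited directly. The following PowerShell is an added example, not code from Fortinet or The Register: it lists every entry in the per-user and all-users Startup folders, resolves shortcuts to their targets, and records signature status and SHA-256 for triage. The extension list is an assumption, and because this page does not name the dropped file, the script reports all entries rather than matching a specific name.

```powershell
# Added example: audit Windows Startup folders for logon persistence.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Assumed list of script/executable types worth a closer look.
$riskyExt = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.bat', '.cmd',
            '.ps1', '.exe', '.scr', '.hta'
$shell = New-Object -ComObject WScript.Shell

$report = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                # Resolve shortcuts so the real payload path is reported.
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            $sig = $null; $hash = $null
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $sig  = (Get-AuthenticodeSignature -LiteralPath $target).Status
                $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                Entry     = $_.FullName
                Created   = $_.CreationTime
                Target    = $target
                RiskyType = $riskyExt -contains ([IO.Path]::GetExtension("$target")).ToLower()
                Signature = $sig
                SHA256    = $hash
            }
        }
}

# Newest entries first: recently created items deserve the first look.
$report | Sort-Object Created -Descending | Format-List
```

Run it in each user's session (or against each profile) since the per-user Startup folder is resolved for the account running the script.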