Researchers at Fortinet’s FortiGuard Labs have uncovered a newly evolved variant of the Snake Keylogger, a type of malicious software notorious for capturing and recording everything a user types. Keyloggers are often used by cybercriminals to steal personal information, such as passwords, credit card numbers, and other sensitive data. This new variant of Snake Keylogger, also known as “404 Keylogger” or “KrakenKeylogger,” is being distributed through phishing campaigns and has been upgraded to exploit specific vulnerabilities, making it even more dangerous.
The attack is initiated by a deceptive phishing email that pretends to be a notification about a financial transaction. FortiGuard Labs’ security systems identified the email, which was flagged with the subject line “[virus detected],” and it contains an attached Excel file named “swift copy.xls.” Although the file may appear harmless, opening it sets off a chain reaction that ultimately leads to the installation of the Snake Keylogger on the recipient’s computer.
The Excel file attached to the phishing email is no ordinary spreadsheet—it has been specially crafted to take advantage of a known security vulnerability, CVE-2017-0199. This vulnerability allows attackers to execute code remotely by embedding a malicious link within the file. When the victim opens the document, this hidden link discreetly connects to a remote server, which then delivers a secondary malicious file in the form of an HTA (HTML Application) file. This file, containing obfuscated JavaScript, is executed automatically by the Windows operating system, setting the sta
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.