Evolving Snake Keylogger Variant
A new variant of Snake Keylogger, identified as AutoIt/Injector.GTY!tr, has been detected by FortiSandbox v5.0. This malware has attempted over 280 million infections, primarily targeting China, Turkey, Indonesia, Taiwan, and Spain. Snake Keylogger steals sensitive information from popular web browsers by logging keystrokes, capturing credentials, and monitoring the clipboard. It exfiltrates data to its command-and-control server using SMTP and Telegram bots. FortiSandbox's advanced AI engine, PAIX, detected the malware through static and dynamic analysis, revealing its use of AutoIt for obfuscation, process hollowing techniques, and persistence mechanisms. The keylogger also employs specialized modules to steal credit card details and leverages the SetWindowsHookEx API for keystroke capture.
Pulse ID: 67b6ec84ef28beb77cd2fded
Pulse Link: https://otx.alienvault.com/pulse/67b6ec84ef28beb77cd2fded
Pulse Author: AlienVault
Created: 2025-02-20 08:49:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.