Evolving Snake Keylogger Variant

SUMMARY :

A new variant of Snake Keylogger, identified as AutoIt/Injector.GTY!tr, has been detected by FortiSandbox v5.0. This malware has attempted over 280 million infections, primarily targeting China, Turkey, Indonesia, Taiwan, and Spain. Snake Keylogger steals sensitive information from popular web browsers by logging keystrokes, capturing credentials, and monitoring the clipboard. It exfiltrates data to its command-and-control server using SMTP and Telegram bots. FortiSandbox's advanced AI engine, PAIX, detected the malware through static and dynamic analysis, revealing its use of AutoIt for obfuscation, process hollowing techniques, and persistence mechanisms. The keylogger also employs specialized modules to steal credit card details and leverages the SetWindowsHookEx API for keystroke capture.

OPENCTI LABELS :

process hollowing,credential theft,keylogging,autoit,snake keylogger,fortisandbox,ai detection,404 keylogger,paix


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Evolving Snake Keylogger Variant