A stark new warning for Microsoft Windows users this week, as AI sniffs out an enhanced keylogger that “steals sensitive information from popular web browsers like Chrome, Edge, and Firefox, logging keystrokes, capturing credentials, and monitoring the clipboard.”

Take this warning seriously — the malware has already targeted millions of PCs and shows no signs of slowing down. And this is programmed to attack when your PC restarts, hiding in amongst Windows’ benign processing tools to avoid detection.

The warning comes by way of Fortinet, in its latest report on the poisonous Snake Keylogger, which has become one of the most persistent Microsoft Windows threats out in the wild. The security firm says its new AI engine, “designed to detect and analyze previously unknown threats in real-time,” picked up this latest suspicious activity through “a blend of behavioral analysis and file attributes.”

Snake Keylogger has been around in its various guises since 2020. Check Point warns that it typically arrives by email: “a malicious Office document or PDF is attached to the email. If the recipient opens the document and enables macros or uses a vulnerable version of Office or a PDF reader, then the malware is executed.”

What’s new, Fortinet says, is Snake Keylogger’s deployment of AutoIt, “a scripting language commonly used for automating tasks in the Windows environment, to deliver and execute its malicious payload.” This obfuscates the threat better than past variants did, essentially hiding the attack within what looks like normal Windows automation. Unsurprisingly, the malware “sets its attributes to hidden” when it installs.

Snake Keylogger drops a file into the Windows Startup folder to launch whenever a PC restarts. This means “Snake Keylogger can maintain access to the compromised system and re-establish a foothold even if the malicious process is terminated.” By running this way, it also benefits from “the Windows Startup folder allowing scripts, executables, or shortcuts to run without required administrative privileges.”
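A defender-side check for the persistence pattern described above (a file dropped into the Startup folder, with its attributes set to hidden). This is an added example, not code from Fortinet's report or from this article: it enumerates the per-user and all-users Startup folders, lists any entry that is hidden, is a script or executable placed directly in the folder, or is a shortcut whose target is a script or executable or lives in a user-writable location, and records a SHA-256 hash for triage. The extension list (including the AutoIt `.au3` extension) and the user-writable path pattern are assumptions chosen for illustration; the script only reports, it deletes nothing.

```powershell
# Added example: audit the Windows Startup folders for suspicious persistence entries.
# Not part of Fortinet's report or the article. Assumes it is run as the interactive
# user and that the extension list below is a reasonable (assumed) set to watch.

function Find-SuspiciousStartupEntry {
    [CmdletBinding()]
    param()

    $startupFolders = @(
        [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    )

    # File types Explorer will run directly from Startup (assumed list; extend as needed).
    $riskyExtensions = @('.exe', '.scr', '.com', '.bat', '.cmd', '.vbs', '.vbe',
                         '.js', '.jse', '.wsf', '.ps1', '.hta', '.au3')

    $shell = New-Object -ComObject WScript.Shell

    foreach ($folder in $startupFolders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }

        # -Force includes entries whose Hidden attribute is set.
        Get-ChildItem -LiteralPath $folder -Force -File | ForEach-Object {
            $isHidden = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
            $ext      = $_.Extension.ToLowerInvariant()
            $target   = $null

            # A shortcut can point at a payload stored elsewhere; resolve its target.
            if ($ext -eq '.lnk') {
                try { $target = $shell.CreateShortcut($_.FullName).TargetPath } catch { }
            }
            $targetExt = if ($target) { [IO.Path]::GetExtension($target).ToLowerInvariant() } else { $null }

            $reasons = @()
            if ($isHidden) { $reasons += 'hidden attribute set' }
            if ($riskyExtensions -contains $ext) { $reasons += "direct $ext in Startup" }
            if ($targetExt -and ($riskyExtensions -contains $targetExt)) { $reasons += "shortcut to $targetExt" }
            # Assumed heuristic: payloads are commonly staged in user-writable directories.
            if ($target -and ($target -match '\\(AppData|Temp|ProgramData)\\')) {
                $reasons += 'shortcut target in user-writable location'
            }

            if ($reasons.Count -gt 0) {
                [PSCustomObject]@{
                    Folder  = $folder
                    Name    = $_.Name
                    Hidden  = $isHidden
                    Target  = $target
                    Created = $_.CreationTime
                    SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Reasons = ($reasons -join '; ')
                }
            }
        }
    }
}

$findings = Find-SuspiciousStartupEntry
if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No suspicious Startup entries found.'
}
```

Run it in a normal user session; no administrative rights are needed to read either folder, which is exactly why the Startup folder is attractive for persistence. Treat a hit as a lead for review (hash lookup, creation time against the user's activity, shortcut target) rather than proof of infection, since legitimate installers also place shortcuts here.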

Once the slippery keylogger has a hold on your PC, it checks its location to hone its attack, monitors for the security credentials it has been programmed to steal, and when it picks these up from your keystrokes, your clipboard or your browser autofill data, it sends them to its handlers.

This latest Fortinet warning follows one from Russia’s BI.ZONE just a fortnight ago, concerning attacks on Russian firms using “the commercial stealer NOVA – a new fork of SnakeLogger.” With Fortinet warning that its latest variant has been seen in China, Turkey, Indonesia, Taiwan, and Spain, this Snake is clearly well travelled.

Suffice it to say, this is yet one more reason to run updated security software on your PC and to resist any temptation to open Office or PDF attachments that arrive by email. Unless it’s something you’re expecting from someone you know, be careful.
