Snake 🐍 Malware Bites Hard

Cybercriminals are flooding to use the Snake password-stealing trojan, making it one of the popular malware families used in attacks. Written in .NET and using the same staging mechanism as FormBook and Agent Tesla,

Cybercriminals currently sell Snake on dark web forums for as low as $25,. Mainly deployed in phishing campaigns, Snake installed via malicious email attachments or through drops sites reached by clicking on email links.

Advertisements

Snake is capable of stealing credentials from over 50 apps, including email clients, web browsers, and IM platforms.

Some of the more popular programs targeted by Snake include:

Discord
Pidgin
FileZilla
Thunderbird
Outlook
Brave browser
Chrome
Edge
Firefox
Opera
Vivaldi
Yandex

Snake also features keystroke logging, clipboard data theft capabilities and can even capture screenshots of the entire screen, which are then uploaded back to the threat actor. It also include stealing OS data, memory space info, geolocation, date time information, IP addresses.

To avoid detection, Snake disables AV defenses by killing the associated processes and goes as far as to disable network traffic analyzers such as Wireshark, adds itself to the exclusion list of the Windows Defender, allowing it to execute malicious PowerShell commands without being detected. Also it adds a scheduled task and edits a registry key to execute when a user logs in to Windows to establish persistence.