Monday, May 12, 2025

Snake Keylogger Targets Chrome, Edge, and Firefox Users in New Attack Campaign


A new variant of the Snake Keylogger, also known as 404 Keylogger, has been detected targeting users of popular web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox.

FortiGuard Labs identified this threat using FortiSandbox v5.0 (FSAv5), a cutting-edge malware detection platform powered by advanced artificial intelligence (AI) and machine learning.

This malicious software is designed to steal sensitive user information, including credentials and other personal data, by logging keystrokes and monitoring clipboard activity.


High-Impact Campaign with Global Reach

The Snake Keylogger variant, identified as AutoIt/Injector.GTY!tr, has already been linked to over 280 million blocked infection attempts worldwide.

The highest concentration of these detections has been reported in regions such as China, Turkey, Indonesia, Taiwan, and Spain.

Delivered primarily through phishing emails containing malicious attachments or links, the malware exfiltrates stolen data to its command-and-control (C2) server via SMTP or Telegram bots.

This enables attackers to gain unauthorized access to victims’ sensitive information.

Advanced Techniques for Evasion and Persistence

This variant employs sophisticated techniques to evade detection and maintain persistence on infected systems.

It utilizes AutoIt, a scripting language often used for automation in Windows environments, to compile its payload into standalone executables that bypass traditional antivirus solutions.

Upon execution, the malware drops files into specific directories such as %Local_AppData%\supergroup and creates scripts in the Windows Startup folder to ensure it runs automatically upon system reboot.

Figure: Screenshot of ageless.vbs placed in the Startup folder for persistence.
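The two persistence artefacts named above, a script in the per-user Startup folder and a drop directory under %LocalAppData%\supergroup, are easy to hunt for on a host. The following Python script is an added example written for this page; it is not Fortinet's tooling or anything from the article. The directory names and the file name ageless.vbs come from the article; the list of script extensions, the function names and the sample directory layout used to exercise it are assumptions.

```python
"""Added example (not from the article or Fortinet): hunt for the persistence
artefacts the article describes, a script dropped into the user's Startup
folder and a drop directory under %LocalAppData%\\supergroup."""
import os
from pathlib import Path

# Script types that have no business auto-starting from a user's Startup folder
# (assumed list; the article only shows a .vbs).
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta"}

# Drop directory named in the article, relative to %LocalAppData%.
DROP_DIR_NAME = "supergroup"


def default_startup_dir() -> Path:
    """Per-user Startup folder on Windows (what shell:startup resolves to)."""
    appdata = os.environ.get("APPDATA", "")
    return Path(appdata) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup"


def find_startup_scripts(startup_dir) -> list:
    """Return script files found directly in the Startup folder, sorted by name.
    A missing folder yields an empty list rather than an error."""
    startup_dir = Path(startup_dir)
    if not startup_dir.is_dir():
        return []
    hits = []
    for entry in startup_dir.iterdir():
        if entry.is_file() and entry.suffix.lower() in SCRIPT_EXTENSIONS:
            hits.append(entry.name)
    return sorted(hits)


def find_drop_dir(local_appdata) -> list:
    """Return the files inside <local_appdata>/supergroup if that directory exists."""
    drop = Path(local_appdata) / DROP_DIR_NAME
    if not drop.is_dir():
        return []
    return sorted(p.name for p in drop.iterdir() if p.is_file())


def hunt(startup_dir, local_appdata) -> dict:
    """Combine both checks into one report; empty lists mean nothing was found."""
    return {
        "startup_scripts": find_startup_scripts(startup_dir),
        "drop_dir_files": find_drop_dir(local_appdata),
    }


if __name__ == "__main__":
    # On a Windows host this checks the current user's real profile paths.
    report = hunt(default_startup_dir(), os.environ.get("LOCALAPPDATA", ""))
    for key, value in report.items():
        print(f"{key}: {value or 'none'}")
```

Run it under each interactive user's profile, not just the account doing the investigation, since both paths are per-user; a hit in either list is worth pulling the file for analysis rather than deleting it outright.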

Additionally, Snake Keylogger uses process hollowing to inject malicious code into legitimate processes like RegSvcs.exe.

This technique allows the malware to operate undetected within trusted system processes.

It also targets browser autofill systems to extract stored credentials and credit card details while employing low-level keyboard hooks to capture keystrokes.

Figure: Snake Keylogger's attempt to steal the victim's credit card information.

FortiSandbox v5.0 played a pivotal role in identifying this threat through its PAIX AI engine.

The platform combines static analysis, which examines code structures and embedded signatures, with dynamic behavioral analysis to detect suspicious activity in real time.

FSAv5 uncovered obfuscated strings, API calls, and runtime behaviors indicative of credential harvesting and data exfiltration.

Fortinet analysis revealed that Snake Keylogger leverages websites like checkip[.]dyndns[.]org for geolocation reconnaissance and transmits stolen data via HTTP POST requests.
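The sequence just described, a public-IP lookup against checkip.dyndns.org followed by HTTP POSTs carrying stolen data, together with the Telegram-bot exfiltration channel mentioned earlier, can be turned into a simple detection over web-proxy logs. The script below is an added example for this page, not Fortinet's detection logic; the checkip.dyndns.org indicator comes from the article and api.telegram.org is the public hostname of the Telegram bot API, while the log format, every log line, the ten-minute window and the function names are constructed assumptions.

```python
"""Added example, not from the article or Fortinet: flag the exfiltration
pattern the article describes in constructed web-proxy log lines."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# checkip.dyndns.org is named in the article; api.telegram.org is the Telegram
# bot API host (bot requests use a /bot<token>/<method> path).
RECON_HOSTS = {"checkip.dyndns.org"}
TELEGRAM_API_HOST = "api.telegram.org"

# Constructed sample log, one request per line:
# "<ISO timestamp> <client ip> <method> <url> <status>"
SAMPLE_LOG = """\
2025-05-12T09:00:01 10.0.0.15 GET http://checkip.dyndns.org/ 200
2025-05-12T09:00:03 10.0.0.15 POST http://203.0.113.10/upload.php 200
2025-05-12T09:00:04 10.0.0.15 POST http://203.0.113.10/upload.php 200
2025-05-12T09:01:10 10.0.0.22 GET https://www.example.com/ 200
2025-05-12T09:02:30 10.0.0.31 POST https://api.telegram.org/bot123456:CONSTRUCTED/sendDocument 200
2025-05-12T10:30:00 10.0.0.40 GET http://checkip.dyndns.org/ 200
2025-05-12T11:00:00 10.0.0.40 POST https://www.example.com/search 200
"""


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, client, method, url, status = line.split()
    parsed = urlparse(url)
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "host": parsed.hostname or "",
        "path": parsed.path,
        "status": status,
    }


def detect(log_text, window=timedelta(minutes=10)):
    """Return sorted (client, reason) findings.

    A client is flagged when it POSTs within `window` of looking up its public
    IP at a recon host, or when it talks to the Telegram bot API at all."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])  # do not rely on the log being ordered
    findings = set()
    last_recon = {}  # client -> time of its most recent checkip lookup
    for ev in events:
        if ev["host"] in RECON_HOSTS:
            last_recon[ev["client"]] = ev["ts"]
        elif ev["host"] == TELEGRAM_API_HOST and ev["path"].startswith("/bot"):
            findings.add((ev["client"], "telegram-bot-api"))
        elif (ev["method"] == "POST" and ev["client"] in last_recon
              and ev["ts"] - last_recon[ev["client"]] <= window):
            findings.add((ev["client"], f"post-after-checkip:{ev['host']}"))
    return sorted(findings)


if __name__ == "__main__":
    for client, reason in detect(SAMPLE_LOG):
        print(f"{client}\t{reason}")
```

In the sample, 10.0.0.15 is flagged because its POSTs follow the checkip lookup within two seconds, 10.0.0.31 is flagged for the bot-API call, and 10.0.0.40 is not flagged because its POST comes half an hour after the lookup and falls outside the window; tune the window to what your proxy logs show for normal traffic, and treat a lookup of a public-IP service by a non-browser process as a lead even without a following POST.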

It also deploys encrypted scripts and specialized modules to access browser-related login credentials.

Organizations are advised to strengthen their email security measures to prevent phishing attacks, the primary delivery mechanism for Snake Keylogger.

Deploying advanced threat detection tools like FortiSandbox can help identify and mitigate such threats effectively.

Regular updates of antivirus solutions and employee training on cybersecurity best practices are also critical in reducing exposure to evolving malware campaigns.

As this attack campaign underscores the growing sophistication of keyloggers, proactive measures remain essential in safeguarding sensitive information against emerging threats.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
