Snake Keylogger malware returns to the top ten after a long absence, report
13-06-2022 16:01:00 | by: Nixon Kanali | hits: 1465 | Tags:

Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd has published its latest Global Threat Index for May 2022. Researchers report that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent as a result of multiple widespread campaigns. This month, Snake Keylogger has jumped into eighth place after a long absence from the index. Snake’s main functionality is to record users keystrokes and transmit collected data to threat actors.

Snake Keylogger is usually spread through emails that include docx or xlsx attachments with malicious macros, however this month researchers reported that SnakeKey Logger has been spread via PDF files. This could be due in part to Microsoft blocking by default internet macros in Office, meaning cybercriminals have had to become more creative, exploring new file types such as PDFs. This rare way to spread malware is proving to be quite effective as some people perceive PDFs to be inherently safer than other file types. 

Emotet, is impacting 8% of organizations worldwide, a slight increase from last month. This malware is an agile malware proving profitable due to its ability to remain undetected. Its persistence also makes it difficult to be removed once a device has been infected, making it the perfect tool in a cybercriminal’s arsenal. Originally a banking trojan, it is often distributed through phishing emails and has the ability to offer other malwares, enhancing its capacity to cause widespread damage.

“As evident with the recent Snake Keylogger campaigns, everything you do online puts you at risk of a cyberattack, and opening a PDF document is no exception,” said Maya Horowitz, VP Research at Check Point Software. “Viruses and malicious executable code can lurk in multimedia content and links, with the malware attack, in this case Snake Keylogger, ready to strike once a user opens the PDF. Therefore, just as you would question the legitimacy of a docx or xlsx email attachment, you must practice the same caution with PDFs too. In today’s landscape it has never been more important for organizations to have a robust email security solution that quarantines and inspects attachments, preventing any malicious files from entering the network in the first place.”

CPR also revealed that “Web Servers Malicious URL Directory Traversal” is the most commonly exploited vulnerability, impacting 46% of organizations worldwide, closely followed by “Apache Log4j Remote Code Execution” which has a global impact of 46%. “Web Server Exposed Git Repository Information Disclosure” is in third place with a global impact of 45%. The Education & Research sector continues to be the most targeted industry by cybercriminals globally.

The complete list of the top ten malware families in May can be found on the Check Point blog.