The most dangerous keylogger malware of 2022: Snake Keylogger

Check Point Research, the threat intelligence division of Check Point, a leading global cybersecurity provider, has released its Global Threat Index for June 2022. Researchers have found that Emotet continues to be the number one malware and has also increased its global incidence by around 6%. Continuing last month's climb, Snake Keylogger moves into the top three, taking the Formbook position, although both remain far behind Emotet.

Emotet affected 14% of organizations around the world in June, an increase that is almost double compared to the previous month. This malware is highly profitable thanks to its ability to go unnoticed. Its persistence also makes it difficult to remove once a device is infected, making it the perfect tool in a cybercriminal’s arsenal. Conceived as a banking Trojan, it is often distributed via phishing emails and has the ability to embed other malware, increasing its ability to cause widespread damage.

Other malware families have also increased their presence, such as Raspberry Robin, GuLoader and Wacatac. The first was discovered a few months ago (September 2021); it is distributed via infected USB drives and uses various legitimate Windows functionalities to communicate with its C&C servers and execute malicious payloads. GuLoader first appeared in December 2019 and was used to download Parallax RAT, but has since been applied to other remote access Trojans such as Netwire, FormBook, and Agent Tesla. Lastly, Wacatac is a Trojan threat that locks files but does not encrypt them like typical ransomware. When Wacatac infiltrates a user’s system, it changes the names of the target files by appending a “.wctw” extension. The lack of data encryption capability makes this threat reversible. Wacatac is normally spread using spam email campaigns and rogue software.

“Snake Keylogger continues to climb the scale of malware with the highest incidence thanks to its ease in infecting sensitive information,” says cyber security specialist. “Along with the rise of Keylogger, it is also important to notify the rise of Emotet, which continues to reign and with more presence than in previous months, thanks to its persistence and evasion techniques. The fact that Emotet is self-propagating and that Keylogger can infect any type of file, makes them so high on the list and you have to be very careful with them.”

The 3 most wanted malware in June:

*The arrows show the change in position in the ranking compared to the previous month.

1. ↔ Emotet – Emotet is an advanced, self-propagating, and modular Trojan that was once used as a banking Trojan and is currently distributing other types of malware or malicious campaigns. Emotet uses multiple methods to maintain persistence and evasion techniques to avoid detection and can spread via spam phishing emails containing malicious attachments or links.

2. ↔ Formbook – FormBook is an Infostealer targeting the Windows operating system and was first detected in 2016. It is marketed as Malware as a Service (MaaS) on underground hacking forums due to its powerful circumvention techniques and relatively low price. FormBook collects credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C.

3. ↑ Snake Keylogger – Snake is a modular .NET keylogger and credential stealer first detected in late November 2020; its main functionality is to record user keystrokes and transmit the collected data to threat actors. Snake infections pose a huge threat to users’ privacy and online security, as the malware can steal virtually all kinds of sensitive information and is a particularly evasive and persistent keylogger.