FlagThis

A new variant of Snake Keylogger has been detected launching over 280 million attacks, targeting credentials and data. The resurgence primarily impacts users in China, Turkey, Indonesia, Taiwan, and Spain, infiltrating systems through phishing emails. The keylogger steals credentials from browsers like Chrome and exfiltrates data via Telegram Bots.

Observed DNS queries and domains associated with the campaign include cleararhorizon.cyou, lightojourney.top, brhightfusion.top, and support.fortineat.com, indicating a wide infrastructure used in the attacks.