Applications of Snake Keylogger in Geopolitics: Abuse of Trusted Java Utilities in Cybercriminal Activities

July 13, 2025, 9:36 a.m.

Description

A new phishing campaign using Snake Keylogger, a Russian-origin stealer, has been discovered targeting various victims including corporations, governments, and individuals. The campaign uses spear-phishing emails offering petroleum products, with malicious attachments exploiting the legitimate jsadebugd.exe binary through DLL sideloading to load Snake Keylogger. The attackers are leveraging current geopolitical tensions in the Middle East to expand their reach. The malware steals credentials from browsers and applications, collects system information, and exfiltrates data via SMTP. This campaign marks the first observed malicious use of jsadebugd.exe, indicating evolving tactics to evade detection.

Date

  • Created: July 6, 2025, 11:54 a.m.
  • Published: July 6, 2025, 11:54 a.m.
  • Modified: July 13, 2025, 9:36 a.m.

Attack Patterns

Additional Information

  • Energy
  • Iran, Islamic Republic of
  • Kazakhstan
  • Israel
  • United States of America