ANY.RUN Reveals Advanced Tactics of Nova: A Newly Discovered Fork of Snake Keylogger

DUBAI, DUBAI, UNITED ARAB EMIRATES, December 11, 2024 /EINPresswire.com/ -- ANY.RUN's latest analysis dives into Nova, a newly discovered fork of the Snake Keylogger malware. With advanced obfuscation, stealthy memory-based operations, and flexible data theft techniques, Nova poses a real threat to both individuals and organizations. This analysis takes you inside Nova's intricate methods, revealing how it silently exfiltrates sensitive information while evading modern security defenses.

๐Ž๐ฏ๐ž๐ซ๐ฏ๐ข๐ž๐ฐ ๐จ๐Ÿ ๐๐จ๐ฏ๐š: ๐’๐ง๐š๐ค๐ž ๐Š๐ž๐ฒ๐ฅ๐จ๐ ๐ ๐ž๐ซโ€™๐ฌ ๐„๐ฏ๐จ๐ฅ๐ฎ๐ญ๐ข๐จ๐ง

Snake Keylogger, first identified in 2020, is a notorious .NET-based malware designed to steal credentials, capture keystrokes, and exfiltrate sensitive information. Nova, its advanced fork, takes these capabilities to new heights, employing obfuscation techniques, process hollowing, and multi-method data exfiltration channels like Telegram.

๐Š๐ž๐ฒ ๐ˆ๐ง๐ฌ๐ข๐ ๐ก๐ญ๐ฌ ๐Ÿ๐ซ๐จ๐ฆ ๐ญ๐ก๐ž ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ

The in-depth technical analysis reveals several critical aspects of Nova's operation:

๐Ÿญ. ๐—–๐—ฟ๐—ฒ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น ๐˜๐—ต๐—ฒ๐—ณ๐˜: Nova extracts sensitive data from a variety of browsers, including Chrome, Firefox, Edge, and even less commonly used ones like Vivaldi and Brave.

๐Ÿฎ. ๐——๐—ฎ๐˜๐—ฎ ๐—ฒ๐˜…๐—ณ๐—ถ๐—น๐˜๐—ฟ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜ƒ๐—ฒ๐—ฟ๐˜€๐—ฎ๐˜๐—ถ๐—น๐—ถ๐˜๐˜†: Depending on the attackerโ€™s configuration, Nova can exfiltrate data via FTP, SMTP, or Telegram.

๐Ÿฏ. ๐—ฃ๐—ฒ๐—ฟ๐˜€๐—ถ๐˜€๐˜๐—ฒ๐—ป๐—ฐ๐—ฒ ๐˜๐—ต๐—ฟ๐—ผ๐˜‚๐—ด๐—ต ๐—”๐˜‚๐˜๐—ผ๐—œ๐˜: Nova employs AutoIt scripts to achieve persistence and obfuscation. It establishes scheduled tasks in Windows Task Scheduler to execute its scripts regularly, ensuring its activity continues without user awareness.

๐Ÿฐ. ๐—˜๐˜…๐˜๐—ฒ๐—ป๐˜€๐—ถ๐˜ƒ๐—ฒ ๐—ฑ๐—ฎ๐˜๐—ฎ ๐—ฐ๐—ผ๐—น๐—น๐—ฒ๐—ฐ๐˜๐—ถ๐—ผ๐—ป: Beyond credentials, Nova retrieves clipboard data, Windows product keys, and other system information, demonstrating its capability to gather a wide array of sensitive details.

๐ˆ๐ฆ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐Ÿ๐จ๐ซ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ

The Nova malware represents a critical evolution in the cyber threat landscape. Its advanced evasion techniques, comprehensive data extraction capabilities, and integration with popular platforms make it a severe risk to personal and corporate cybersecurity.

Organizations are urged to enhance their defenses and adopt proactive measures against this persistent threat.

Learn more on ANY.RUN's blog.

About ANY.RUN

ANY.RUN is a leading interactive malware analysis platform enabling real-time behavioral analysis for Windows and Linux systems. Its advanced threat intelligence tools, including YARA Search and TI Lookup, empower cybersecurity professionals to detect, analyze, and respond to threats faster and more effectively.

The ANY.RUN team
ANYRUN FZCO