惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
V
V2EX
GbyAI
GbyAI
Recent Announcements
Recent Announcements
Microsoft Security Blog
Microsoft Security Blog
阮一峰的网络日志
阮一峰的网络日志
Hugging Face - Blog
Hugging Face - Blog
T
Tailwind CSS Blog
Y
Y Combinator Blog
C
Check Point Blog
爱范儿
爱范儿
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
雷峰网
雷峰网
IT之家
IT之家
WordPress大学
WordPress大学
V
Visual Studio Blog
Microsoft Azure Blog
Microsoft Azure Blog
MyScale Blog
MyScale Blog
N
News and Events Feed by Topic
罗磊的独立博客
S
SegmentFault 最新的问题
S
Security Affairs
aimingoo的专栏
aimingoo的专栏
F
Fortinet All Blogs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
H
Hacker News: Front Page
Google DeepMind News
Google DeepMind News
B
Blog
O
OpenAI News
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
The Last Watchdog
The Last Watchdog
Hacker News: Ask HN
Hacker News: Ask HN
博客园_首页
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Help Net Security
Help Net Security
月光博客
月光博客
J
Java Code Geeks
L
LangChain Blog
博客园 - 司徒正美
Stack Overflow Blog
Stack Overflow Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Apple Machine Learning Research
Apple Machine Learning Research
T
The Exploit Database - CXSecurity.com
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
SnakeStealer: How it preys on personal data – and how to stay safe
Martina López · 2025-10-22 · via WeLiveSecurity

Malware

SnakeStealer: How it preys on personal data – and how you can protect yourself

Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts

22 Oct 2025  •  , 3 min. read

SnakeStealer: How it preys on personal data – and how you can protect yourself

Infostealers remain one of the most persistent threats on today’s threat landscape. They’re built to quietly siphon off valuable information, typically login credentials and financial and cryptocurrency details, from compromised systems and send it to adversaries. And they do so with great success.

ESET researchers have tracked numerous campaigns recently where an infostealer was the final payload. Agent Tesla, Lumma Stealer, FormBook and HoudRAT continue to make the rounds in large numbers, but according to the ESET Threat Report H1 2025, one family surged ahead of the rest in the first half of this year: SnakeStealer.

A threat is born

Detected by ESET products mainly as MSIL/Spy.Agent.AES, SnakeStealer first appeared in 2019. Early reports traced it to a threat originally marketed as 404 Keylogger or 404 Crypter on underground forums before it rebranded under its current name.

snake-stealer-infostealer-robo-contrasenas
Figure 1. One of the first advertisements for 404 Keylogger (source: habr.com)

In its early variants, SnakeStealer used Discord to host its payloads, which victims unwittingly downloaded after opening a malicious email attachment. While hosting malware on legitimate cloud platforms wasn’t new, the widespread abuse of Discord soon became a hallmark tactic. SnakeStealer reached its first big wave of activity in 2020 and 2021, spreading globally without any clear regional focus.

Meanwhile, the delivery methods varied. Phishing attachments still remain the primary vector, but the payload itself may be disguised in various forms, including password-protected ZIP files, weaponized RTF, ISO and PDF files, or even bundled with other malware. Occasionally, SnakeStealer hides inside pirated software or fake apps, which speaks to the fact that not every compromise begins with a malicious email.

snake-stealer-infostealer-robo-contrasenas2
Figure 2. Hashes related to SnakeStealer, reported by year. (source: MalwareBazaar)

Malware-as-a-service: A profitable 'business model'

Like many other modern threats, SnakeStealer follows the malware-as-a-service (MaaS) model. Its operators rent or sell access to the malware, complete with technical support and updates, which makes it easy for even low-skilled attackers to launch their own campaigns.

SnakeStealer’s recent resurgence is no coincidence. After Agent Tesla began to decline and lose developer support, underground Telegram channels started recommending SnakeStealer as its successor. This endorsement, combined with the convenience of its MaaS setup and its ready-made infrastructure, propelled SnakeStealer to the top of detection charts, so much so that SnakeStealer was recently responsible for almost one-fifth of global infostealer detections as tracked by ESET telemetry.

Figure 3. SnakeStealer topping detection charts
Figure 3. SnakeStealer topping detection charts (source: ESET Threat Report H1 2025)

Key features

SnakeStealer may not break new ground, but it’s polished, reliable, and easy to deploy. It offers a full toolkit of capabilities that’s typical of professional-grade info-stealing malware, and given its modularity, attackers can switch features on or off to suit their needs.

  • Evasion: In order to stay under the radar, SnakeStealer can terminate processes associated with security and malware analysis tools and check for virtual environments.
  • Persistence: It alters Windows boot configurations to maintain access on compromised systems.
  • Credential theft: It extracts saved passwords from web browsers, databases, email and chat clients, including Discord, and Wi-Fi networks.
  • Surveillance: It captures clipboard data, takes screenshots and logs keystrokes.
  • Exfiltration: It sends stolen data via FTP, HTTP, email, or Telegram bots.

How to protect yourself

Whether you’re an individual user or a business, these steps can help reduce the risk against infostealers like SnakeStealer:

  • Be skeptical of unsolicited messages. Treat attachments and links, especially from unknown senders, as potential threats, even if they appear legitimate. Verify them with the sender through other channels.
  • Keep your system and apps updated. Patching known vulnerabilities in a timely manner reduces the risk of compromise stemming from software loopholes.
  • Enable multi-factor authentication (MFA) wherever possible. Even if your password is stolen, MFA can stop unauthorized logins.
  • If you suspect a compromise: change all passwords from a clean device, revoke open sessions, and monitor your accounts for suspicious activity.
  • Use reputable security software on all devices, desktop and mobile alike.

Final thoughts

SnakeStealer’s rise is a reminder of how quickly the cybercrime market adapts and as such reflects a larger truth about today’s threat landscape: cybercrime has industrialized. This professionalization makes it easier than ever for anyone to steal data at scale. And as one infostealer fades, another fills the gap, armed with largely the same tried-and-tested tactics. The good news is that strong cybersecurity practices will go a long way towards keeping you safe.


Let us keep you
up to date

Sign up for our newsletters