Snake Malware Used in Multiple Campaigns

The Snake password-stealing trojan that has been functioning since November 2020 is becoming increasingly prevalent among cybercriminals, becoming one of the most often exploited malware families in cyberattacks.

A Look Into Snake Malware

Snake malware is being sold on dark web forums for as little as $25, which might explain the increase observed in its use. The Snake malware is mostly used in phishing efforts when it is installed via malicious email attachments or by drop sites accessed by clicking on email links.

The Snake malware is an information-stealing malware that is implemented in the .NET programming language. We suspect that the malware authors themselves named the malware Snake, since the malware’s name is present in the data that Snake exfiltrates from compromised systems. Malicious actors distribute Snake as attachments to phishing emails with various themes, such as payment requests.

The attachments are typically archive files with file name extensions such as imgziptar, and rar, and store a .NET executable that implements the Snake malware.


Snake can steal credentials from over 50 programs, including email clients, web browsers, and instant messaging services, when installed on a PC.

As reported by BleepingComputer, some of the more popular programs targeted by Snake include

Read More: