DUBAI, DUBAI, UNITED ARAB EMIRATES, December 11, 2024 /EINPresswire.com/ -- ANY.RUN's latest analysis dives into Nova, a newly discovered fork of the Snake Keylogger malware. With advanced obfuscation, stealthy memory-based operations, and flexible data theft techniques, Nova poses a real threat to both individuals and organizations. This analysis takes you inside Nova's intricate methods, revealing how it silently exfiltrates sensitive information while evading modern security defenses.

๐Ž๐ฏ๐ž๐ซ๐ฏ๐ข๐ž๐ฐ ๐จ๐Ÿ ๐๐จ๐ฏ๐š: ๐’๐ง๐š๐ค๐ž ๐Š๐ž๐ฒ๐ฅ๐จ๐ ๐ ๐ž๐ซโ€™๐ฌ ๐„๐ฏ๐จ๐ฅ๐ฎ๐ญ๐ข๐จ๐ง

Snake Keylogger, first identified in 2020, is a notorious .NET-based malware designed to steal credentials, capture keystrokes, and exfiltrate sensitive information. Nova, its advanced fork, takes these capabilities to new heights, employing obfuscation techniques, process hollowing, and multi-method data exfiltration channels like Telegram.

๐Š๐ž๐ฒ ๐ˆ๐ง๐ฌ๐ข๐ ๐ก๐ญ๐ฌ ๐Ÿ๐ซ๐จ๐ฆ ๐ญ๐ก๐ž ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ

The in-depth technical analysis reveals several critical aspects of Nova's operation:

1. Credential theft: Nova extracts sensitive data from a variety of browsers, including Chrome, Firefox, Edge, and even less commonly used ones like Vivaldi and Brave.

2. Data exfiltration versatility: Depending on the attacker's configuration, Nova can exfiltrate data via FTP, SMTP, or Telegram.

3. Persistence through AutoIt: Nova employs AutoIt scripts to achieve persistence and obfuscation. It establishes scheduled tasks in Windows Task Scheduler to execute its scripts regularly, ensuring its activity continues without user awareness.

4. Extensive data collection: Beyond credentials, Nova retrieves clipboard data, Windows product keys, and other system information, demonstrating its capability to gather a wide array of sensitive details.

๐ˆ๐ฆ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐Ÿ๐จ๐ซ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ

The Nova malware represents a critical evolution in the cyber threat landscape. Its advanced evasion techniques, comprehensive data extraction capabilities, and integration with popular platforms make it a severe risk to personal and corporate cybersecurity.

Organizations are urged to enhance their defenses and adopt proactive measures against this persistent threat.

About ANY.RUN

ANY.RUN is a leading interactive malware analysis platform enabling real-time behavioral analysis for Windows and Linux systems. Its advanced threat intelligence tools, including YARA Search and TI Lookup, empower cybersecurity professionals to detect, analyze, and respond to threats faster and more effectively.

