DUBAI, DUBAI, UNITED ARAB EMIRATES, December 11, 2024 /EINPresswire.com/ -- ANY.RUN's latest analysis dives into Nova, a newly discovered fork of the Snake Keylogger malware. With advanced obfuscation, stealthy memory-based operations, and flexible data theft techniques, Nova poses a real threat to both individuals and organizations. This analysis takes you inside Nova's intricate methods, revealing how it silently exfiltrates sensitive information while evading modern security defenses.

Overview of Nova: Snake Keylogger's Evolution
Snake Keylogger, first identified in 2020, is a notorious .NET-based malware designed to steal credentials, capture keystrokes, and exfiltrate sensitive information. Nova, its advanced fork, takes these capabilities to new heights, employing obfuscation techniques, process hollowing, and multi-method data exfiltration channels like Telegram.
Key Insights from the Analysis
The in-depth technical analysis reveals several critical aspects of Nova’s operation:
1. Credential theft: Nova extracts sensitive data from a variety of browsers, including Chrome, Firefox, Edge, and even less commonly used ones like Vivaldi and Brave.
2. Data exfiltration versatility: Depending on the attacker's configuration, Nova can exfiltrate data via FTP, SMTP, or Telegram.
3. Persistence through AutoIt: Nova employs AutoIt scripts to achieve persistence and obfuscation. It establishes scheduled tasks in Windows Task Scheduler to execute its scripts regularly, ensuring its activity continues without user awareness.
4. Extensive data collection: Beyond credentials, Nova retrieves clipboard data, Windows product keys, and other system information, demonstrating its capability to gather a wide array of sensitive details.
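A defender-side check for the persistence mechanism described in item 3, added here as an example and not taken from ANY.RUN's analysis: it enumerates scheduled tasks whose action invokes the AutoIt interpreter or an AutoIt script. The indicator names (AutoIt3.exe, .au3 and .a3x files) are assumed from AutoIt's standard tooling; the report itself does not list them.

```powershell
# Added example (not ANY.RUN's code): surface scheduled tasks that launch
# AutoIt, the persistence pattern the analysis attributes to Nova.
# Indicator patterns are an assumption based on standard AutoIt tooling:
# the interpreter (AutoIt3.exe), script sources (.au3) and compiled scripts (.a3x).
$indicators = @('autoit3', '\.au3(\s|$)', '\.a3x(\s|$)')

Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Join executable and arguments so a wrapper such as cmd.exe /c <script>
        # is still caught when the AutoIt reference sits in the arguments.
        $cmd = ("$($action.Execute) $($action.Arguments)").Trim()
        if (-not $cmd) { continue }   # non-Exec actions (COM handlers) have no command

        foreach ($pattern in $indicators) {
            if ($cmd -match $pattern) {
                $info = $task | Get-ScheduledTaskInfo
                [pscustomobject]@{
                    TaskPath    = $task.TaskPath
                    TaskName    = $task.TaskName
                    Author      = $task.Author
                    State       = $task.State
                    Command     = $cmd
                    LastRunTime = $info.LastRunTime
                    NextRunTime = $info.NextRunTime
                }
                break   # one hit per action is enough
            }
        }
    }
} | Format-Table -AutoSize
```

Run it elevated to see tasks registered by other users; any hit should be reviewed against the task's author, registration time and the script it points to rather than treated as a verdict on its own.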
Implications for Cybersecurity
The Nova malware represents a critical evolution in the cyber threat landscape. Its advanced evasion techniques, comprehensive data extraction capabilities, and integration with popular platforms make it a severe risk to personal and corporate cybersecurity.
Organizations are urged to enhance their defenses and adopt proactive measures against this persistent threat.
About ANY.RUN
ANY.RUN is a leading interactive malware analysis platform enabling real-time behavioral analysis for Windows and Linux systems. Its advanced threat intelligence tools, including YARA Search and TI Lookup, empower cybersecurity professionals to detect, analyze, and respond to threats faster and more effectively.