New SSH-Snake malware steals SSH keys to spread across the network

www.bleepingcomputer.com/news/security/new-ssh-snake-malware-steals-ssh-keys-to-spread-across-the-network/

SSH-Snake, a network mapping tool, has been adapted by hackers to stealthily find and use private SSH keys for lateral movement in targeted networks. Identified by Sysdig as a self-altering worm, it diverges from standard SSH worms by avoiding predictable attack patterns. Launched on January 4, 2024, it is a bash script that modifies itself to minimize detection and scans directories, shell histories, and system logs to find SSH credentials. Sysdig confirmed its use after detecting a C2 server storing data from around 100 victims, indicating the exploitation of Confluence vulnerabilities for access. SSH-Snake represents a significant evolution in malware, exploiting the SSH protocol that is widely used in businesses.
