top of page
  • Admin

Snooping Snake Keylogger Set Loose! PDF Attachments Infect PC’s

Published: July 12, 2022 on our newsletter Security Fraud News & Alerts Newsletter.

When Snake Keylogger comes slinking into your email’s inbox, you should know it’s disguised as a PDF attachment. You don’t have to run, but you should know how to prevent this spyware from finding a home on your PC. Keeping this malware away from your PC can save you from identity and financial theft, including a host of other cybercrimes that can happen when all your keystrokes are recorded and used against you.

HP Wolf Security, who first discovered this PDF malware campaign in November 2020, also reports that in Q1 2022, 45% of all malware stopped by their security used Office formats. Despite the popularity and success using Office, or perhaps because of it, the bad actors behind this spyware choose PDF files to hide Snake’s Keylogger.

With cybercriminals always looking to upgrade their malware attacks using the latest tactics, Snake Keylogger uses the less popular PDF file format to do the job. Phishing emails are sent with the attached PDF named “REMITTANCE INVOICE.pdf.” Bad actors typically prefer using more familiar files like Word (.docx) and Excel’s (.xls) for their malware-infected attachments, especially when phishing the inboxes of those in a work environment. And of course, the historically popular .exe will never disappear as a useful tool for hiding malware.

PC’s infected by Snake have their sensitive PII collected and sent to a remote device. The Keylogger malware gets to work recording every keystroke you enter. No PII is safe when passwords, bank account information, credit card numbers, security codes, social media credentials, chats, WiFi passwords, and a host of login credentials for popular web browser databases are stolen. Literally every key you type into your device lands in the hands of bad actors who know what to do with them.

New Tricks for an Old Flaw

This keylogging spyware exploits a four-year-old flaw, CVE-2017-11882, with severity ratings varied from “important” to “extremely dangerous.” This old vulnerability is a memory corruption flaw in Microsoft‘s Office Equation Editor and some hackers are still happy to exploit it. Despite Microsoft releasing a patch for the 17-year-old bug in November, 2017, it appears a lot of devices weren’t updated and are still vulnerable.

Keeping Snake Keylogger away from your device is easy when you remember a couple of basics when malware arrives via email phishing.

The first is to never open documents you weren’t expecting. Check who the sender is, and if it’s someone you know, contact them directly to confirm they sent the email with an attachment. Keep in mind, hackers can socially engineer emails to appear they were sent by someone you know or work with…and they are getting sneakier and sneakier.

Second, always apply security patches as soon as they’re available. Like with Snake Keylogger malware, an unpatched device is open to flaws that welcome hackers. The results can be disastrous for victims, so always keep your cybersecurity antenna set on “high.”

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at

bottom of page