Snake Keyloggers Exploit Java Tools to Bypass Security – Active IOCs
July 2, 2025
Severity
Medium
Analysis Summary
GCleaner is malware that disguises itself as a legitimate utility called "GCleaner" or "G-Cleaner." It is typically spread through malicious email attachments or fake software downloads. Once installed, GCleaner can gather personal information, display unwanted ads, and perform other malicious activity. To evade antivirus detection, the operators changed technique and now distribute the malware through software "crack" websites. When these cracks are executed, they drop further payloads. Depending on the victim's country, the payloads include STOP/DJVU ransomware, SmokeLoader, RedLine, Amadey, Flicker, and Raccoon Stealer. The most heavily targeted regions were the US, EU, and CA.
It is important to keep your anti-virus software updated and to be cautious when downloading and installing programs, particularly from untrusted sources.
Impact
- Information Theft
- Credential Theft
- Exposure to Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Patch and upgrade platforms and software promptly, and make timely patching a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
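The IOC search recommended above, as an added example that is not part of this advisory: a Python sweep that hashes every file once with MD5, SHA-1 and SHA-256 and matches against a normalized IOC list. The file names and digests it uses are constructed placeholders, not the advisory's indicators.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Digest types the advisory lists; map its labels to hashlib names.
IOC_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA-256": "sha256"}
CHUNK = 1 << 20  # 1 MiB reads so large binaries are never loaded whole

def normalize_iocs(raw):
    """Map {label: [hex digests]} to {hashlib name: set of lowercase digests}."""
    return {IOC_ALGOS[label]: {d.strip().lower() for d in digests}
            for label, digests in raw.items()}

def digest_file(path, algos):
    """Compute every requested digest in one pass over the file."""
    hashers = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def scan_tree(root, iocs):
    """Return [(path, algo, digest)] for files whose digest is in the IOC set."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            try:
                digests = digest_file(p, iocs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            for algo, value in digests.items():
                if value in iocs[algo]:
                    hits.append((str(p), algo, value))
    return hits

def demo():
    """Constructed scenario: one flagged file, one benign file, placeholder IOCs."""
    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp) / "sub" / "setup_crack.exe"
        bad.parent.mkdir()
        bad.write_bytes(b"CONSTRUCTED SAMPLE - not a real binary")
        (Path(tmp) / "readme.txt").write_text("benign file")
        # Placeholder IOC list derived from the constructed sample; uppercase on purpose,
        # since vendor feeds mix case and normalize_iocs must handle that.
        raw = {"MD5": [], "SHA1": [],
               "SHA-256": [hashlib.sha256(bad.read_bytes()).hexdigest().upper()]}
        return scan_tree(tmp, normalize_iocs(raw))
```

Feed `normalize_iocs` the hash lists from the advisory and point `scan_tree` at the paths your controls cannot cover (user profiles, download folders, removable media) to get a file-level hit list.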