TLDR:
- SSH-Snake is a self-propagating worm that spreads by reusing SSH private keys found on each host it compromises
- It exploits no software vulnerability, only the keys and shell history already present on a host, and its fileless, self-modifying script is hard to catch with static detection
The Sysdig Threat Research Team reported SSH-Snake, an open-source self-propagating network-mapping script released on January 4th, 2024, after observing threat actors using it in the wild. SSH-Snake exploits no software vulnerability: it relies entirely on SSH credentials already present on a compromised host, so any weak, shared or leaked private key turns one intrusion into access to every system that key can reach. On each host it automates what an attacker would otherwise do by hand: it enumerates SSH targets the host already knows about (SSH configuration and known_hosts, for example), hunts for private keys of various formats, and scans bash history for ssh and scp commands that reveal users, hosts and key paths. It then logs in to each discovered system with each discovered key and repeats the process, producing a map of the network and of the trust relationships between hosts. The script is fileless and self-modifying: it strips itself down to reduce its size, and it does not follow a fixed, scripted attack pattern, which gives its operators both stealth and flexibility. Because it moves over legitimate SSH sessions with valid keys, static signatures are of little use; detection has to focus on behaviour, such as reads of many private-key files, access to shell history, and an unusual fan-out of outbound SSH connections from a single host.
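To make the discovery steps concrete, here is a defender-side dry run of two of them, hunting for private keys by file content and pulling SSH targets and key paths out of bash history. This is an added example, not SSH-Snake's own code and not Sysdig's, and it is deliberately a read-only inventory: it never connects anywhere. The sample history lines and the placeholder key file it creates are constructed here so the script runs offline; the function names are my own.

```shell
#!/bin/sh
# Added example (not SSH-Snake's code): inventory what a key-reusing worm
# would harvest from a host. Read-only; makes no SSH connections.

# Identify private keys by content rather than filename, since keys are
# frequently stored under arbitrary names. Argument: directory to search.
find_private_keys() {
    find "$1" -type f -size -65536c 2>/dev/null | while IFS= read -r f; do
        if head -n 1 "$f" 2>/dev/null | \
           grep -qE '^-----BEGIN (RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----$'; then
            printf '%s\n' "$f"
        fi
    done | sort
}

# Read bash-history text on stdin; print "target <host>" for each ssh/scp
# destination and "key <path>" for each -i argument, one per line, deduplicated.
extract_ssh_targets() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "ssh" && $i != "scp") continue
            cmd = $i
            for (j = i + 1; j <= NF; j++) {
                a = $j
                if (a == "-i" && j < NF) { print "key " $(j + 1); j++; continue }
                # options that consume the following token
                if (a == "-p" || a == "-P" || a == "-l" || a == "-o" || \
                    a == "-F" || a == "-J") { j++; continue }
                if (a ~ /^-/) continue
                if (cmd == "ssh") { print "target " a; break }
                # scp: the remote side is the argument shaped like host:path
                if (a ~ /:/) { sub(/:.*/, "", a); print "target " a; break }
            }
            break
        }
    }' | sort -u
}

# Build a constructed fixture directory (placeholder key, a decoy file and a
# fake .bash_history) and print its path. Nothing here is real key material.
make_sample_dir() {
    d=$(mktemp -d)
    mkdir -p "$d/.ssh" "$d/backups"
    # header matches a real OpenSSH key; the body is a constructed placeholder
    printf '%s\n%s\n%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/backups/old_deploy.bak"
    printf 'ssh-ed25519 AAAAC3placeholder user@example\n' > "$d/.ssh/id_ed25519.pub"
    printf '%s\n' \
        'ls -la' \
        'ssh -i ~/.ssh/id_deploy deploy@10.0.0.5' \
        'scp -P 2222 backup.tgz ops@db01:/var/backups/' \
        'ssh -p 2200 -l admin bastion.internal' \
        'ssh -i ~/.ssh/id_deploy deploy@10.0.0.5' > "$d/.bash_history"
    printf '%s\n' "$d"
}

# Stand-alone run: print what the fixture exposes.
if [ "${1:-}" = "--demo" ]; then
    dir=$(make_sample_dir)
    echo "private keys found under $dir:"; find_private_keys "$dir"
    echo "ssh targets and keys referenced in history:"
    extract_ssh_targets < "$dir/.bash_history"
    rm -rf "$dir"
fi
```

Run it as `sh inventory.sh --demo` to see the fixture output, or point `find_private_keys` at a real home directory (as the account under review, since a worm runs with the privileges of the user it compromised). Two caveats: the key check is by first-line header only, so keys wrapped in other formats (PKCS#8 DER, PuTTY .ppk) are missed, and history parsing only sees what the shell saved, so it underestimates targets on hosts with `HISTSIZE=0` or an ssh-agent doing the authentication.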