White Snake Virus Disguised as Roskomnadzor Notices Targets Companies
In July, hackers began sending emails to companies containing a virus capable of stealing passwords and other sensitive data, according to experts from BI.ZONE. The virus, named White Snake, emerged this year and is particularly dangerous. It can extract saved passwords from computers, copy files, record keystrokes, capture audio from microphones, record video from webcams, and provide other forms of unauthorized access to infected devices.
How White Snake Spreads
One of the main distribution methods for White Snake is email sent to business addresses, which are often sourced from data leaks. These emails impersonate notifications from Roskomnadzor, the Russian federal communications regulator. The first attachment in the email appears to be an official message, claiming that “during selective monitoring of activity,” employees were found visiting prohibited websites, including those publishing content from foreign agents. The message urges recipients to review the attached materials and provide an explanation within two business days, threatening administrative and criminal penalties. The second file contains a link to the virus.
Commercial Malware on the Rise
BI.ZONE notes that what’s unusual about this attack is the use of a “commercial virus”—malware sold on dark web forums rather than custom-built by hackers for their own use. A subscription to White Snake can be purchased for $140 per month, or unlimited access for $1,900. The low price and ease of use are leading to “an inevitable increase in targeted attacks,” emphasizes Oleg Skulkin, Head of Cyber Intelligence at BI.ZONE.
Deceptive Tactics and Warnings
Experts from various companies confirm the danger of such attacks: hackers try to convince users to open the infected archive using different pretexts, ranging from threats of multimillion-ruble fines to assurances like “checked by antivirus” at the end of the email. Roskomnadzor has stated on its official Telegram channel that the agency “does not send mass emails to citizens, organizations, or government bodies.” The agency declined to provide further comments.
What Data Is at Risk?
White Snake can collect data on infected computers from popular browsers like Chrome and Firefox (including passwords and downloads), as well as from well-known programs such as Outlook, Discord, Telegram, and even cryptocurrency wallets. “If one employee is infected, White Snake attackers can use the stolen credentials to access other devices,” one expert warns.
Who Is Most at Risk?
The attacks have the greatest impact on companies in the financial sector, including digital wallet owners, and on scientific and technical organizations whose developments and intellectual property are especially valuable.
Potential Losses and Long-Term Risks
Depending on the type of company and the attackers’ goals, losses from such incidents can range from “several million to hundreds of millions of rubles,” according to another expert. “These viruses often steal account credentials, and since 70% of companies lack two-factor authentication, hackers are very likely to gain a foothold within the company,” he adds. The stolen information may then be sold on the dark web or used for long-term espionage.