New SSH-Snake malware steals SSH keys to spread across the network
A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure.
The worm searches for private keys in various locations, including shell history files, and uses them to stealthily spread to new systems after mapping the network.
SSH-Snake is available as an open-source asset for automated SSH-based network traversal, which can start from one system and show the relationship with other hosts connected through SSH. However, researchers at Sysdig, a cloud security company, say that SSH-Snake takes the typical lateral movement concept to a new level because it is more rigorous in its search for private keys.
Searching through common directories and files where SSH keys and credentials are typically stored, including.
Examining shell history files to find commands that may have used or referenced SSH private keys.
Examining system logs and network cache to identify potential targets and gather information that might indirectly lead to discovering private keys and where they can be used.
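Defenders can check their own hosts for the material the worm looks for. The sketch below is an added example, not code from SSH-Snake, Sysdig or the original article: it walks one home directory, flags private keys stored without a passphrase, and flags shell history lines that reference a key file with `-i`. The function names, the sample file names and the sample host address are assumptions made up for the demonstration.

```python
import base64, re, tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # 15-byte header of the OpenSSH private key format
BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]*?) ?PRIVATE KEY-----")
HIST_KEY = re.compile(r"(?:^|[\s;|&])(?:ssh|scp|sftp)\s(?:.*?\s)?-i\s*(\S+)")

def key_protection(text):  # None (no key), 'encrypted', 'unencrypted' or 'unknown'
    m = BEGIN.search(text)
    if not m:
        return None
    if m.group(1) == "ENCRYPTED" or "Proc-Type: 4,ENCRYPTED" in text:
        return "encrypted"      # PKCS#8 or legacy PEM protected by a passphrase
    if m.group(1) != "OPENSSH":
        return "unencrypted"    # plain PEM / PKCS#8 body
    body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
    try:
        blob = base64.b64decode(body)
    except ValueError:
        return "unknown"
    if not blob.startswith(MAGIC):
        return "unknown"
    n = int.from_bytes(blob[15:19], "big")  # length of the cipher name that follows
    return "unencrypted" if blob[19:19 + n] == b"none" else "encrypted"

def audit_home(home):  # sorted (relative path, finding) pairs for one home directory
    findings = []
    for p in Path(home).rglob("*"):
        if not p.is_file() or p.stat().st_size > 65536:
            continue
        text, rel = p.read_text(errors="replace"), p.relative_to(home).as_posix()
        if key_protection(text) == "unencrypted":
            findings.append((rel, "private key stored without a passphrase"))
        if p.name.endswith("_history"):
            findings += [(rel, "history references key file " + m.group(1))
                         for m in map(HIST_KEY.search, text.splitlines()) if m]
    return sorted(findings)

def sample_key(cipher):  # constructed header only, not a usable key
    blob = MAGIC + len(cipher).to_bytes(4, "big") + cipher + b"\0" * 8
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

def demo():  # audit a constructed home directory; every file in it is made up
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".ssh").mkdir()
        Path(d, ".ssh/id_ed25519").write_text(sample_key(b"none"))
        Path(d, ".ssh/id_backup").write_text(sample_key(b"aes256-ctr"))
        Path(d, ".bash_history").write_text("ls\nssh -i ~/keys/prod.pem admin@10.0.0.5\n")
        return audit_home(d)
```

Calling `audit_home()` on a real home directory returns the same kind of findings; keys it reports can be re-protected with `ssh-keygen -p -f <keyfile>`.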