Snake Keylogger in Geopolitical Affairs: Abuse of Trusted Java Utilities in Cybercrime Operations

ID: 7759e862-c401-55e5-a59f-912c275db282

STIX ID: report--7759e862-c401-55e5-a59f-912c275db282

Feed Name: Lab52 Blog

Threat Score
70/100

Date Published: 2025-06-27

Date Updated: 2026-04-28

Author: 3722304989

This report documents a spearphishing campaign distributing Snake Keylogger, an infostealer offered as malware-as-a-service (MaaS). The emails carry zipped attachments that include a legitimate jsadebugd.exe, which is abused for DLL sideloading and then used to inject the payload into InstallUtil.exe. The report describes the full kill chain, persistence via a Run registry key, and broad exfiltration of credentials and product keys over SMTP, and it provides IoCs (email addresses, domains, and multiple file hashes). It notes that the campaign's oil-sector lure is tied to regional geopolitical events.