Unboxing Snake - Python Infostealer Lurking Through Messaging Services
ID: 629b18ff-72d9-512a-a7ef-1e6e691a0d27
STIX ID: report--629b18ff-72d9-512a-a7ef-1e6e691a0d27
Feed Name: Cybereason Blog
Cybereason's Threat Analysis report describes a Python-based infostealer (referred to as Snake) distributed via social-engineered Facebook messages and public repositories (GitHub/GitLab). The malware family includes three variants (two Python scripts and one PyInstaller executable) that harvest browser cookies and credentials from multiple browsers (notably Coc Coc, Chrome, and Edge), identify the victim's geolocation via ipinfo.io, maintain persistence through the Startup folder, and exfiltrate data to the Telegram Bot API, Discord, or C2 endpoints listed in a repository. The report also details obfuscation and staging behaviors, possible Vietnamese-language indicators for attribution, MITRE ATT&CK mappings, and recommended defensive controls.
