SnappyClient is a C++ command-and-control (C2) implant first documented in late 2025. It is built for persistent access, data exfiltration, and remote control of the compromised host. Researchers have observed it targeting cryptocurrency wallets and using evasion techniques such as AMSI bypasses and direct system calls to stay under the radar of user-mode security hooks. It is typically delivered by the modular HijackLoader or through social-engineering lures such as ClickFix.
Once installed, the implant persists via scheduled tasks or registry modifications and encrypts its C2 traffic with ChaCha20-Poly1305, an authenticated cipher, so the channel resists both passive inspection and tampering. Beyond its core remote-access functions, SnappyClient steals credentials and cookies from major browsers and accepts dynamic configuration updates from the operator. Taken together, these traits point to a tool built for long-running espionage operations rather than one-off intrusions.
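The summary names two persistence locations, scheduled tasks and registry autoruns, but gives no task names or key values. The PowerShell below is an added triage script, not code from the report or the malware, that enumerates both locations so an analyst can review or diff them on a suspect host. It hardcodes no SnappyClient indicators, because the page provides none; the path filter and the registry key list are generic assumptions about where autoruns live on a stock Windows install.

```powershell
# Added triage example (not from the original report). Dumps the two persistence
# locations the summary mentions: scheduled task actions and Run/RunOnce keys.
# Nothing here is a SnappyClient-specific indicator; review the output by hand.

# 1. Scheduled tasks: task path, state, author, and the command each action runs.
#    The TaskPath filter drops stock Windows tasks for readability. Drop it when
#    hunting seriously, since a malicious task can be planted under \Microsoft\ too.
$tasks = Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            [pscustomobject]@{
                Task      = "$($task.TaskPath)$($task.TaskName)"
                State     = $task.State
                Author    = $task.Author
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }
$tasks | Format-Table -AutoSize -Wrap

# 2. Registry autoruns: Run and RunOnce under HKCU and HKLM, plus the 32-bit
#    WOW6432Node view on 64-bit hosts. Key list is an assumption about a
#    standard Windows layout, not something taken from the report.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }   # skip provider bookkeeping properties
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
    }
}
$autoruns | Format-Table -AutoSize -Wrap
```

Run it in an elevated session so HKLM and machine-scoped tasks are readable. Entries whose command points into user-writable locations such as %APPDATA%, %TEMP% or ProgramData, or whose author field is blank or a local user rather than a vendor, deserve a closer look; comparing the output against a known-good baseline from the same image is more reliable than eyeballing a single host.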