Skuld

Malware Profile Updated 2 months ago
Skuld, a new Golang-based information-stealing malware, has been identified as the culprit behind a series of attacks on Windows systems in the U.S., Europe, and Southeast Asia. These attacks, which took place on June 15, 2023, resulted in the exfiltration of sensitive data from the targeted systems. Skuld shares similarities with other publicly available stealers such as BlackCap Grabber, Luna Grabber, and Creal Stealer. The malware is believed to be the work of an online developer known by the alias Deathined, who is active on social media platforms including GitHub, Twitter, Reddit, and Tumblr.

According to a report from the cybersecurity company Trellix, Skuld first checks whether it is executing in a virtual environment and then enumerates running processes, terminating any process that matches its predefined blocklist. Some Skuld samples also incorporate a clipper module, which alters clipboard content and steals cryptocurrency assets by swapping wallet addresses; this feature suggests ongoing development and refinement of the malware's capabilities.

The rise of Skuld reflects the increasing prevalence of Go-based malware, as noted by Trellix researcher Ernesto Fernandez Provecho. Its ability to compromise systems across different regions and its sophisticated functionality make it a serious threat to data security. As Skuld continues to evolve, organizations are urged to bolster their cybersecurity measures to protect against such advanced info-stealing attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Github
Windows
Reddit
Malware
Associated Malware
ID | Type | Votes | Profile Description
Luna Grabber | Unspecified | 1 | Luna Grabber, an open-source malware designed to steal information, has been targeting developers on the Roblox platform. The malicious software infiltrates users' systems through npm packages, exploiting vulnerabilities and potentially accessing sensitive data from local web browsers, Discord appli
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Skuld malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | Sensitive data leaks likely with critical WooCommerce Stripe Gateway plugin flaw
CERT-EU | a year ago | Windows systems targeted in global Skuld info stealer attacks
CERT-EU | a year ago | New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs