Skuld

Malware updated 6 months ago (2024-05-04T16:43:37.458Z)
Skuld, a new Golang-based information-stealing malware, has been identified as the culprit behind a series of attacks on Windows systems in the U.S., Europe, and Southeast Asia. These attacks, which took place on June 15, 2023, resulted in the exfiltration of sensitive data from targeted systems. Skuld shares similarities with other publicly available stealers such as BlackCap Grabber, Luna Grabber, and Creal Stealer. The malware is believed to be the work of an online developer known by the alias Deathined, who is active on various social media platforms including GitHub, Twitter, Reddit, and Tumblr.

According to a report from cybersecurity company Trellix, Skuld first checks whether it is executing in a virtual environment and then collects the list of running processes. Any process that matches its predefined blocklist is terminated. Some samples of Skuld also incorporate a clipper module, which alters clipboard content and steals cryptocurrency assets by swapping wallet addresses. This feature suggests ongoing development and refinement of the malware's capabilities.

The rise of Skuld signifies an increasing prevalence of Go-based malware, as noted by Trellix researcher Ernesto Fernandez Provecho. Its ability to compromise systems across different regions and its sophisticated functionality make it a serious threat to data security. As Skuld continues to evolve, organizations are urged to bolster their cybersecurity measures to protect against such advanced info-stealing attacks.
Description last updated: 2023-11-29T05:59:55.685Z
Aliases: We are not currently tracking any aliases.