Close Menu
  • Academy
  • Events
  • Identity
  • International
  • Inventions
  • Startups
    • Sustainability
  • Tech
  • Spanish
What's Hot

Interpol dismantles over 20,000 malicious IPS linked to 69 running malware variants.

5 lessons from River Island

The UK hospitality industry is securing £3 million savings through new initiatives

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Academy
  • Events
  • Identity
  • International
  • Inventions
  • Startups
    • Sustainability
  • Tech
  • Spanish
Fyself News
Home » Ransomware Gangs Use Skitnet Malware for Stealth Data Theft and Remote Access
Identity

Ransomware Gangs Use Skitnet Malware for Stealth Data Theft and Remote Access

userBy userMay 19, 2025No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

May 19, 2025Ravi LakshmananRansomware/Malware

Skit Net Malware

Several ransomware actors have used malware called SkitNet as part of their post-explosion efforts to steal sensitive data and establish remote control over compromised hosts.

“Skitnet has been on sale at underground forums like Ramp since April 2024,” Swiss Cybersecurity Company Prodaft told Hacker News. “But since early 2025, we’ve seen multiple ransomware operators using it in real attacks.”

“For example, in April 2025, Blackbusta leveraged skitnet in a team-themed phishing campaign aimed at enterprise environments. Its stealth capabilities and flexible architecture make it seem that Skitnet is gaining rapid traction within the ransomware ecosystem.”

SkitNet, also known as BossNet, is a multi-stage malware developed by a threat actor tracked by the company under the name Larva-306. A notable aspect of malicious tools is that they use programming languages ​​like Rust and NIM to launch reverse shells over DNS to avoid detection.

It is also embedded in the versatile threats, including persistence mechanisms, remote access tools, data removal commands, and even downloading .NET loader binaries that can be used to provide additional payloads.

Cybersecurity

First promoted on April 19, 2024, SkitNet will be offered to potential customers as a “compact package” that contains server components and malware. The first executable is a Rust binary that decrypts and executes an embedded payload compiled with NIM.

“The main function of this NIM binary is to establish an inverse shell connection with C2 [command-and-control] Through DNS resolution, the server stated that “use the getProcAddress function to dynamically resolve API function addresses rather than using traditional import tables to avoid detection.”

The NIM-based binaries also launch multiple threads, send DNS requests every 10 seconds, read DNS responses, extract commands to run on the host, and return the command execution results back to the server. The command is issued through the C2 panel, which is used to manage infected hosts.

Some of the supported PowerShell commands are listed below –

Startup guarantees persistence by creating shortcuts in the startup directory on the victim’s device screen. This captures a screenshot of the victim’s desktop AnyDesk/Rutserv. Installed security products

“Skitnet is multi-stage malware that utilizes multiple programming languages ​​and encryption technologies,” Prodaft said. “Malware tries to circumvent traditional security measures by using Rust for payload decryption and manual mapping, followed by a NIM-based inverse shell that communicates over DNS.”

Cybersecurity

This disclosure is because Zscaler ThreatLabz details another malware loader called another malware loader used to provide ransomware strains called Morpheus, which target American law firms.

Active since at least February 2025, Transferloader incorporates three components for backdoors, a downloader, a backdoor, and a special loader, allowing threat actors to execute arbitrary commands on the compromised system.

The downloader is designed to retrieve and run the payload from the C2 server, and run the PDF decoy file at the same time, but the backdoor is responsible for running the server-issued commands and updating its own configuration.

“Backdoor utilizes a distributed interplanetary file system (IPFS) peer-to-peer platform as a fallback channel for updating command and control (C2) servers,” the cybersecurity company said. “Transferloader developers use obfuscation methods to make the reverse engineering process even more boring.”

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticlePharma Giant Regeneron buys 23andMe and its customers’ data for $256 million
Next Article Khan Younis in Gaza’s latest focus on Israeli forced evacuation, bombing | Gaza News
user
  • Website

Related Posts

Interpol dismantles over 20,000 malicious IPS linked to 69 running malware variants.

June 11, 2025

5 lessons from River Island

June 11, 2025

A vulnerability containing Microsoft Patch 67 Webdav Zero-Day has been exploited in the wild

June 11, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Interpol dismantles over 20,000 malicious IPS linked to 69 running malware variants.

5 lessons from River Island

The UK hospitality industry is securing £3 million savings through new initiatives

7 summer event trends you should use now

Trending Posts

Sana Yousaf, who was the Pakistani Tiktok star shot by gunmen? |Crime News

June 4, 2025

Trump says it’s difficult to make a deal with China’s xi’ amid trade disputes | Donald Trump News

June 4, 2025

Iraq’s Jewish Community Saves Forgotten Shrine Religious News

June 4, 2025

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Top 10 Startups and High-Tech Funding News – June 10, 2025

The Rise of Wish.com: How $10 billion e-commerce unicorn crashes and burns

Top AI Companies to Invest In

Enterprise Search Startup Green valuates $7.2 billion in Series F funding for $150 million

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.