Several ransomware groups are leveraging the Skitnet malware to enhance their post-exploitation capabilities, including data theft and remote control. This versatile malware is currently impacting organizations targeted by Black Basta and other ransomware operators.
Key points
- Skitnet is a multi-stage malware used by ransomware actors to maintain persistence, exfiltrate data, and control infected hosts.
- The malware employs programming languages like Rust and Nim to evade detection and communicate over DNS with C2 servers.
- Skitnet features include remote desktop deployment, screenshot capture, PowerShell command execution, and security product discovery.
- The malware was sold commercially on underground forums starting in April 2024 and has gained traction in the ransomware ecosystem since early 2025.
- Additionally, the TransferLoader malware loader is used to deploy the Morpheus ransomware, utilizing obfuscation and decentralized C2 channels like IPFS for stealthy operations.
Read More: https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html