Ransomware gangs are increasingly adopting Skitnet, a stealthy malware for post-exploitation activities on breached networks. This malware facilitates covert control, remote access, and data exfiltration, complicating detection efforts.
Affected: Ransomware gangs, enterprise networks
Keypoints
- Skitnet is a Rust-based malware that has been sold on underground forums since April 2024 and gained popularity among ransomware groups in early 2025.
- The malware establishes a DNS-based reverse shell, enabling covert communication with its command and control (C2) server.
- Operators can issue commands to steal screenshots, install remote access tools like AnyDesk, execute PowerShell scripts, and enumerate antivirus software.
- Skitnet employs techniques such as DLL hijacking, persistence via startup shortcuts, and in-memory PowerShell scripting for stealthy operations.
- Using Skitnet reduces development costs for threat actors, increases attack speed, and complicates attribution, making it a favored tool in current ransomware campaigns.
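
For defenders, the DNS-based reverse shell noted above is one of the more observable behaviours in DNS query logs. The following is an added example, not taken from the original page or from any Skitnet analysis: a generic DNS-tunnelling heuristic that flags a client sending many distinct, long, high-entropy subdomains to a single parent domain. The page does not describe Skitnet's query encoding, so the thresholds, the log format and the `*-placeholder.example` domains are assumptions.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample DNS query log: (client IP, queried name). Not real traffic.
SAMPLE_LOG = (
    [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com")]
    # Benign burst: many distinct but short subdomains under one parent.
    + [("10.0.0.5", f"img{i}.cdn-placeholder.example") for i in range(25)]
    # Tunnel-like: long, random-looking labels under one parent domain.
    + [("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:40]
        + ".c2-placeholder.example") for i in range(30)]
)

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def parent_domain(name, levels=2):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(name.split(".")[-levels:])

def find_dns_tunnel_candidates(log, min_unique=20, min_avg_len=25, min_entropy=3.0):
    """Return (client, parent, unique_subdomains) for pairs matching all three thresholds."""
    groups = defaultdict(set)
    for client, name in log:
        name = name.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")
        if sub:
            groups[(client, parent)].add(sub)
    hits = []
    for (client, parent), subs in groups.items():
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= min_avg_len and avg_ent >= min_entropy:
            hits.append((client, parent, len(subs)))
    return sorted(hits)

if __name__ == "__main__":
    for client, parent, n in find_dns_tunnel_candidates(SAMPLE_LOG):
        print(f"{client} -> {parent}: {n} unique high-entropy subdomains")
```

Requiring all three conditions together keeps the short-label burst from the first client out of the results; tune the thresholds against a baseline of your own resolver logs before alerting on them.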