Windows systems in the U.S., Europe, and Southeast Asia had sensitive data exfiltrated in attacks using Skuld, a novel Go-based information stealer that resembles the BlackCap Grabber, Luna Grabber, and Creal Stealer information stealers, reports The Hacker News.
After checking whether it is running in a virtual environment, Skuld enumerates running processes and terminates any that match a predefined blocklist, a Trellix report showed. The info stealer then collects system metadata, steals web browser cookies and credentials, and exfiltrates files from the Windows user profile folders.
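The process-blocklist stage described above leaves a recognisable trace on the endpoint: to call TerminateProcess, the stealer must first open a handle to each target with the PROCESS_TERMINATE right, and Sysmon Event ID 10 (ProcessAccess) records exactly that, with SourceImage, TargetImage and GrantedAccess. The following Go program is an added detection example, not code from the Trellix report or from Skuld; it flags any source that opens terminate-capable handles to several distinct analysis tools within a short window. The tool names in `analysisTools` are assumed for illustration (the report's actual blocklist is not reproduced here), and the events in `SampleEvents` are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// ProcessAccess holds the Sysmon Event ID 10 fields used by this detector.
type ProcessAccess struct {
	UtcTime       time.Time
	SourceImage   string
	TargetImage   string
	GrantedAccess uint32
}

// processTerminate is the PROCESS_TERMINATE access right (0x0001).
// TerminateProcess fails on a handle opened without it.
const processTerminate = 0x0001

// analysisTools is an ASSUMED blocklist for illustration only; it is not the
// list from the Trellix report.
var analysisTools = map[string]bool{
	"procmon.exe": true, "procmon64.exe": true, "processhacker.exe": true,
	"wireshark.exe": true, "x64dbg.exe": true, "ollydbg.exe": true,
	"ida64.exe": true, "taskmgr.exe": true, "fiddler.exe": true,
}

// Finding names a source that swept terminate-capable handles across tools.
type Finding struct {
	SourceImage string
	Targets     []string // lower-cased target basenames, sorted
}

// baseName strips both Windows and POSIX directory separators, so the logic
// behaves the same whether the detector runs on Windows or Linux.
func baseName(p string) string {
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		return p[i+1:]
	}
	return p
}

// DetectBlocklistSweep reports sources that obtain PROCESS_TERMINATE on at
// least minTargets distinct analysis tools within window. One kill is normal
// admin behaviour; a burst across many tools is the blocklist signature.
func DetectBlocklistSweep(events []ProcessAccess, window time.Duration, minTargets int) []Finding {
	bySource := map[string][]ProcessAccess{}
	for _, e := range events {
		if e.GrantedAccess&processTerminate == 0 { // handle cannot kill
			continue
		}
		if !analysisTools[strings.ToLower(baseName(e.TargetImage))] {
			continue
		}
		bySource[e.SourceImage] = append(bySource[e.SourceImage], e)
	}
	var findings []Finding
	for src, evs := range bySource {
		sort.Slice(evs, func(i, j int) bool { return evs[i].UtcTime.Before(evs[j].UtcTime) })
		for i := range evs { // sliding window anchored at each event
			seen := map[string]bool{}
			for j := i; j < len(evs) && evs[j].UtcTime.Sub(evs[i].UtcTime) <= window; j++ {
				seen[strings.ToLower(baseName(evs[j].TargetImage))] = true
			}
			if len(seen) >= minTargets {
				targets := make([]string, 0, len(seen))
				for t := range seen {
					targets = append(targets, t)
				}
				sort.Strings(targets)
				findings = append(findings, Finding{SourceImage: src, Targets: targets})
				break
			}
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].SourceImage < findings[j].SourceImage })
	return findings
}

// SampleEvents returns CONSTRUCTED Sysmon-style records: one suspicious sweep,
// one single admin kill, and one query-only handle from a hypothetical sensor.
func SampleEvents() []ProcessAccess {
	base := time.Date(2023, 6, 14, 9, 0, 0, 0, time.UTC)
	mal := `C:\Users\victim\AppData\Local\Temp\update.exe`
	return []ProcessAccess{
		{base, mal, `C:\Program Files\Wireshark\Wireshark.exe`, 0x1fffff},
		{base.Add(400 * time.Millisecond), mal, `C:\Tools\ProcessHacker\ProcessHacker.exe`, 0x1},
		{base.Add(900 * time.Millisecond), mal, `C:\Tools\x64dbg\x64dbg.exe`, 0x1401},
		{base.Add(1500 * time.Millisecond), mal, `C:\Windows\System32\Taskmgr.exe`, 0x1},
		{base.Add(2 * time.Second), mal, `C:\Windows\System32\notepad.exe`, 0x1}, // not an analysis tool
		{base.Add(30 * time.Second), `C:\Windows\System32\taskkill.exe`, `C:\Tools\Procmon64.exe`, 0x1},
		{base.Add(31 * time.Second), `C:\Program Files\EDR\sensor.exe`, `C:\Program Files\Wireshark\Wireshark.exe`, 0x1000},
	}
}

func main() {
	for _, f := range DetectBlocklistSweep(SampleEvents(), 10*time.Second, 3) {
		fmt.Printf("%s opened terminate-capable handles to %d analysis tools: %s\n",
			f.SourceImage, len(f.Targets), strings.Join(f.Targets, ", "))
	}
}
```

Tune `window` and `minTargets` to the environment: the taskkill event is ignored because a single termination is below the threshold, and the sensor's 0x1000 handle (PROCESS_QUERY_LIMITED_INFORMATION) is ignored because it cannot terminate anything.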
Researchers have also discovered a clipper module in some Skuld samples that enables cryptocurrency theft by replacing wallet addresses copied to the clipboard with attacker-controlled ones.
The emergence of Skuld shows the increasing prevalence of Go-based malware, said Trellix researcher Ernesto Fernandez Provecho.
"Additionally, Golang's compiled nature lets malware authors produce binary executables that are more challenging to analyze and reverse engineer. This makes it harder for security researchers and traditional anti-malware solutions to detect and mitigate these threats effectively," Fernandez Provecho added.