New Golang-Based Malware Skuld Targets Discord and Web Browsers to Steal Sensitive Data

Written by: Shipra Sanganeria, Cybersecurity & Tech Writer

A new malware strain based on the popular Golang programming language has been compromising Windows-based systems worldwide. Dubbed Skuld by researchers at Trellix, the malware has the ability to exfiltrate sensitive user information. By targeting the victim’s system and Discord account, the threat actor steals information stored in browsers, system files and folders.

Skuld’s modus operandi is quite similar to that of other open-source projects in public repositories, such as Creal Stealer, Luna Grabber and BlackCap Grabber.

When executed, the malware first checks whether it is running in a virtual environment by comparing the downloaded list of running processes to a predefined blocklist. If there is a match, Skuld terminates the matched process instead of removing itself. This is done to avoid detection during analysis.

Through this method of attack, the malware not only gathers system metadata but also extracts browser- and system-stored information like login credentials, history, and cookies. It also downloads system configuration data and information stored in Windows user profile folders like Music, OneDrive, Downloads, Documents, Videos, and Desktop.

The malware has the capability to bypass the security protection of Better Discord and Discord Token Protector. By injecting JavaScript code into Discord, Skuld tries to extract the backup codes from the application, noted Trellix’s report. The extracted information is sent to the actor using a Discord webhook or the Gofile upload service.
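The two exfiltration channels named above can be hunted in egress logs. The following Python is an added example, not code from this article or from Trellix’s report; the log layout, process allowlists and sample lines are constructed assumptions, and the Gofile rule assumes uploads go to gofile.io or one of its subdomains.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Constructed sample: hypothetical proxy/EDR export (time, host, process, method, url).
SAMPLE_LOG = """\
2023-06-14T09:01:12Z,ws-041,Discord.exe,POST,https://discord.com/api/v9/channels/111/messages
2023-06-14T09:03:40Z,ws-041,update_helper.exe,POST,https://discord.com/api/webhooks/123456789012345678/EXAMPLE-TOKEN
2023-06-14T09:03:44Z,ws-041,update_helper.exe,POST,https://store1.gofile.io/uploadFile
2023-06-14T09:10:02Z,ws-017,chrome.exe,GET,https://gofile.io/d/abc123
2023-06-14T09:12:30Z,ws-017,chrome.exe,POST,https://discordapp.com/api/webhooks/987654321098765432/EXAMPLE-TOKEN
"""

WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/\d+/[^/]+")
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist for Gofile use
WEBHOOK_SENDERS = set()  # assumed: no workstation process is approved to post to webhooks

def _host_in(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(process, method, url):
    """Return a finding label for one request, or None if it is not of interest."""
    if method.upper() != "POST":
        return None
    parts = urlsplit(url)
    host, proc = (parts.hostname or "").lower(), process.lower()
    if _host_in(host, DISCORD_HOSTS) and WEBHOOK_PATH.match(parts.path):
        # Webhook posts carry no user session, so the real Discord client is not exempt.
        return None if proc in WEBHOOK_SENDERS else "discord-webhook"
    if _host_in(host, {"gofile.io"}) and proc not in BROWSERS:
        return "gofile-upload"
    return None

def find_exfil_candidates(log_text):
    """Return (time, host, process, label) per flagged row; URLs are omitted to avoid logging tokens."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed rows
        ts, host, process, method, url = row
        label = classify(process, method, url)
        if label:
            findings.append((ts, host, process, label))
    return findings

if __name__ == "__main__":
    print(*find_exfil_candidates(SAMPLE_LOG), sep="\n")
```

Process names in such logs can be spoofed, so a match is a lead for triage rather than a verdict.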

The report went on to say that a module to steal cryptocurrency assets is also under development. Researchers at Trellix have associated the threat actor known as Deathined with this malware; the actor has accounts on various social media platforms like GitHub, Telegram, Reddit, and Tumblr. It is believed that in the future, these accounts could be used to market it as a service for other hackers.

With the increasing use of Golang to develop these types of malware, as well as the targeting of social media platforms like Discord, it is important to have strong security measures in place. Using the best password managers to suggest and store your passwords, along with an antivirus or a VPN to mitigate threats like phishing and identity theft, helps you stay safe in the ever-changing cybersecurity landscape.
