Security News > 2023 > June > New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs
A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. "This new malware strain tries to steal sensitive information from its victims," Trellix researcher Ernesto Fernández Provecho said in a Tuesday analysis.
"To accomplish this task, it searches for data stored in applications such as Discord and web browsers; information from the system and files stored in the victim's folders."
Besides gathering system metadata, the malware possesses capabilities to harvest cookies and credentials stored in web browsers as well as files present in the Windows user profile folders, including Desktop, Documents, Downloads, Pictures, Music, Videos, and OneDrive.
Artifacts analyzed by Trellix show that it's engineered to corrupt legitimate files associated with Better Discord and Discord Token Protector and inject JavaScript code into the Discord app to siphon backup codes, mirroring a technique similar to that of another Rust-based infostealer recently documented by Trend Micro.
Data exfiltration is achieved by means of an actor-controlled Discord webhook or the Gofile upload service.
In the case of the latter, a reference URL to steal the uploaded ZIP file containing the stolen data is sent to the attacker using the same Discord webhook functionality.
News URL
https://thehackernews.com/2023/06/new-golang-based-skuld-malware-stealing.html
Related news
- Fake browser updates spread updated WarmCookie malware (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)