This new malware is taking over Discord accounts and stealing browser data — what you need to know


Windows PCs are under attack from a new Golang-based malware strain capable of stealing all sorts of sensitive data from vulnerable systems.

As reported by The Hacker News, this info-stealing malware has been dubbed Skuld by its developer, who goes by the alias Deathined. First discovered at the end of April by security researchers at Trellix, the malware is currently being used to target gamers and other Windows users in the U.S., Europe and Southeast Asia.

What sets Skuld apart from other malware strains is that it’s written in Golang (aka Go), which, according to Trellix’s report, lets malware authors “produce binary executables that are more challenging to analyze and reverse engineer.”

Skuld creator Deathined has also taken inspiration from a number of open-source projects and existing malware samples. It appears that the malware developer is in it for the long haul as they have created several social media accounts, including a group on Telegram that will likely be used to promote their malware business going forward.

What makes Skuld particularly dangerous is the sheer amount of data it’s able to steal from a compromised Windows PC and send back to hackers. This includes a user’s browser data, like cookies and session tokens, but Discord accounts are also at risk of being taken over.

Skuld info-stealing malware

Like many other recent malware attacks with gamers in their sights, Skuld is targeting Discord users, which suggests that Deathined may be more interested in going after the gaming industry than other businesses.

Once opened on a victim’s computer after being downloaded through a malicious link or attachment, Skuld first checks to make sure it isn’t running in a virtual environment. This is to avoid having the malware analyzed by security researchers like those at Trellix.

In addition to collecting metadata like the IP address and Windows license key from a user’s system, Skuld can also harvest any cookies or credentials stored in their browser. It can also steal files from a user’s profile folders like their Desktop, Documents, Downloads, Pictures, Music, Videos and OneDrive.

From here, Skuld then injects JavaScript code into the Discord app in order to steal a user’s backup codes and take over their account. There’s also a clipper module in some samples of the malware analyzed by Trellix that could be used to steal cryptocurrency wallet addresses and any other sensitive data stored on a victim’s clipboard.

Once all of this data has been collected, it’s then sent back to the hackers who deployed the malware to be used for fraud, other cyberattacks or even to commit identity theft.
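One defensive check for the Discord injection described above, as an added example that is not from the article or from Trellix's report: it flags a desktop client whose core loader script has been altered. The article does not name the file that gets modified; the `discord_desktop_core/index.js` location, the stock one-line loader and the default install folder used here are assumptions about the Windows desktop client.

```python
import os
import re
from pathlib import Path

# Assumption: a stock client's discord_desktop_core/index.js is this one-line loader.
STOCK_LOADER = re.compile(
    r"""\s*module\.exports\s*=\s*require\(\s*['"]\./core\.asar['"]\s*\)\s*;?\s*"""
)
URL = re.compile(r"https?://[^\s'\"`]+", re.IGNORECASE)


def check_loader(js_text):
    """Return findings for one index.js; an empty list means it looks stock."""
    findings = []
    if not STOCK_LOADER.fullmatch(js_text):
        findings.append("loader differs from the stock one-line file")
    urls = URL.findall(js_text)
    if urls:
        findings.append(f"loader references {len(urls)} URL(s)")
    return findings


def scan_discord(root):
    """Check every discord_desktop_core/index.js below root; return {path: findings}."""
    report = {}
    for path in Path(root).rglob("index.js"):
        if path.parent.name != "discord_desktop_core":
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings = check_loader(text)
        if findings:
            report[str(path)] = findings
    return report


if __name__ == "__main__":
    # Assumed default install folder of the Windows desktop client.
    root = Path(os.environ.get("LOCALAPPDATA", ".")) / "Discord"
    for path, findings in scan_discord(root).items():
        print(path, "->", "; ".join(findings))
```

A flagged file is a reason to reinstall Discord from the official installer and then change the account password and regenerate backup codes from a clean device.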

How to stay safe from malware on Discord

Like any other social platform, Discord can be abused by hackers in their attacks since it allows users to chat with one another while sending links and even files. Both links and files shared on Discord could be malicious, so you need to be careful when using the service, and this goes for your kids as well.

For starters, you want to avoid clicking on any suspicious links sent to you by new friends or other people on any Discord servers you’ve recently joined. Besides links that look strange at first glance, you also want to watch out for shortened links, as they could take you to phishing sites or fake sites hosting malware.

In order to secure your Discord account, you want to enable two-factor authentication while also using a strong password. Instead of coming up with a simple password on your own, you can use one of the best password managers to generate one for you. You also want to make sure that you have the best antivirus software running on your PC to limit the impact of a malware infection if you do accidentally download something suspicious from Discord.

Now that Skuld’s creator Deathined has registered several different accounts to promote their malware, expect to see similar attacks targeting gamers going forward.

Anthony Spadafora
Senior Editor Security and Networking