Damage potential: Data destruction, theft, and exfiltration, espionage and surveillance, installation of additional malware, system manipulation and control, further propagation and spreading to other devices, ransomware deployment, botnet formation, disruption of services.
Skuld is a new string of infostealer, built using Golang due to its simplicity, efficiency, and cross-platform compatibility. It was discovered in 2023 as malware that has already successfully targeted networks across the world, including the US, Asia, and Europe.
Skuld will likely impact how your system works, so anything unusual, such as unfamiliar processes in the Task Manager, can be a sign of malware. Other possible symptoms include:
Suspicious network activity. Skuld can target data in Discord and your web browser, so you’ll notice unexpected data transmissions in or out of your network. Pay special attention to Discord and the messages you receive, access issues, or changes in how the app behaves.
Decline in system performance. Infostealers are often not as heavy on performance as other types of malware, but you should still experience your system slow down.
Disabled security. Skuld has the ability to disable antiviruses and anti-malware software.
Clipboard changes. Infostealers such as Skuld often target your clipboard for data such as emails, passwords, and addresses. If your device is infected, you may notice that the information you paste is not always what you copied.
Sources of infection
Skuld can be spread through various methods, including the traditional ones used for all types of malware, such as:
Phishing — malware disguised as web links and email attachments.
Social media contacts of a compromised account.
Malvertising, ads that launch malware.
Since it’s a new family of infostealers, there’s not much known about preventing Skuld from infecting a device. In fact, Skuld’s ability to recognize if it’s in a virtualized environment and the compiled nature of Golang makes it difficult for researchers to analyze it.
However, it’s still spread using traditional and well-documented methods. As a result, avoiding downloading software from unofficial sources and being extremely careful with unsolicited links is key to staying safe. You can also use NordVPN’s Threat Protection, which scans files for malware before they’re downloaded to your device.
If you suspect that Skuld has infiltrated your device, first make sure to isolate your device. Disconnect it from the Internet and other devices in the network. Check your web browser for unfamiliar web extensions. If you have important files, it’s also worth performing a backup. Now, use your antivirus to run a full system scan.