Skitnet, a multi-stage malware developed by the threat actor LARVA-306, is increasingly being used by ransomware operators in their attacks since early 2025. First advertised in April 2024 on underground forums, Skitnet features stealth capabilities and flexible architecture, enabling it to effectively establish remote control and exfiltrate sensitive data. Notably, it uses modern programming languages like Rust and Nim, allowing it to evade detection through techniques like DNS-based reverse shell connections and dynamic API function resolution. This versatility positions Skitnet as a growing threat in the cybersecurity landscape, especially among ransomware groups.
Skitnet is gaining traction in ransomware attacks due to its stealth features and flexible architecture, making it a versatile tool for cybercriminals.
Developed by the actor LARVA-306, Skitnet combines various programming languages, including Rust and Nim, to establish undetectable reverse shell connections.
Collection
[
|
...
]