Cybersecurity researchers are warning about increasing use of a new type of powerful malware by multiple ransomware groups. This multi-stage malware, which is also known as Bossnet, is utilized for covert post-exploitation actions such as data exfiltration as well as remote access to victim machines.
Skitnet has been for sale in the underground forums since April 2024, according to a similar report from Swiss cybersecurity firm PRODAFT. But its use in actual ransomware attacks increased considerably since beginning of 2025.
Skitnet has also been used in the wild by the notorious Black Basta ransomware gang in Teams-themed phishing campaigns against enterprise networks in April 2025.
The thing about Skitnet that makes it especially dangerous is its reliance on legacy security circumvention efforts. Using programming languages such as Rust and Nim, the malware will establish a connection back to its DNS (domain name system) based command and control (C2) server with a backdoor tiled in the infected system.
This offbeat method of communication allows it to evade a number of off-the-shelf network monitoring solutions.
In addition, Skitnet has several features which serve to make it a useful tool for attackers. These can range from persistence mechanisms to maintain access to victim systems, remote access functions, commands tailored to steal wanted information, and even download and run additional malicious payloads.
Security researchers have pointed out that Skitnet resolves API function addresses at runtime instead of using traditional import tables, adding to its stealth here as well.
After the main piece of Nim-coded bit is executed, it spawns several threads that send DNS requests every so often, get commands from the C2 server embedded in DNS responses, execute these commands, and send the results back to the bad guys.
The C2 panel that comes with Skitnet enables attackers to remotely control infected hosts with a variety of PowerShell commands. These commands allow attackers to maintain persistence on the victim machine, take screenshots of the desktop, use the legitimate remote desktop software for unauthorised access, run PowerShell scripts hosted on remote servers, obtain information about installed security solutions, etc.
The rise of advanced malware such as Skitnet is further evidence of the changing tide of ransomware attacks. Insititutions and people are going to have to have their eyes wide open, utilize best of breed security technology (which successfuly blocked the attacks to our company whose blog I link to) or any other similar and hopefully or will be publicized attacks.
The experts suggest adopting a proactive defense by applying security patches (Microsoft has released a patch for the flaw yesterday), turning off Remote Desktop Services, using antivirus, consumer education, and how keeping up-to-date with the latest threats. Proper offline backup of data is still an important stage in the facilitation of recovery should an attack be successful.
![Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]](https://sumtrix.com/wp-content/uploads/2025/06/30-12-120x86.jpg "Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]")
