Still use Skype at work? Bad news, hackers are targeting it with dangerous malware


  • Criminals found using Skype to deliver images hiding malware
  • Victims were mostly SMBs in the Middle East
  • The malware is new, but seems to have distant relatives

Cybercriminals have been found using Skype messenger to deliver Remote Access Trojan (RAT) malware, compromising victims' computers and opening the door to devastating stage-two attacks.

Cybersecurity researchers at Kaspersky recently uncovered a previously unseen malware variant called GodRAT being distributed via malicious screensaver files, disguised as financial documents.

Unusually, the miscreants were delivering the malware to their victims via Skype messenger until March 2025, when they pivoted to other channels.

GodRAT malware being spread

First off, the hackers would share fake financial data in an image file. Using steganography, they would hide shellcode in the file; when activated, the shellcode downloads the GodRAT malware from a third-party server.

The RAT harvests operating system details, local hostname, malware process name and process ID, the user account associated with the malware process, installed antivirus software, and the presence of a capture driver.

After that, GodRAT can receive additional plugins, depending on the initial information shared with the attackers. These plugins can be file explorers or password stealers.

In some cases, the crooks used GodRAT to deploy AsyncRAT, a secondary implant that granted them prolonged, if not permanent, access.

“GodRAT appears to be an evolution of AwesomePuppet, which was reported by Kaspersky in 2023 and is likely linked to the Winnti APT. Its distribution methods, rare command-line parameters, code similarities with Gh0st RAT, and shared artifacts - such as a distinctive fingerprint header - suggest a common origin,” said Saurabh Sharma, Security Researcher at Kaspersky GReAT.

“The discovery of GodRAT demonstrates how such long-known tools can remain relevant in today’s cybersecurity landscape,”

Kaspersky did not discuss the number of victims or the potential success rate of the campaign, but it did stress that the victims were mostly small and medium-sized businesses (SMB) in the UAE, Hong Kong, Jordan, and Lebanon.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.