Rising Cyber Threat: Skitnet Malware Exploits Rust and Nim to Evade Detection and Target Enterprises
May 19, 2025
Skitnet, a sophisticated multi-stage malware developed by the threat actor LARVA-306, uses the Rust and Nim programming languages to evade detection.
Since its emergence on underground forums in April 2024, Skitnet, also known as Bossnet, has seen a marked increase in its use in real-world attacks throughout early 2025.
Several ransomware groups are now employing Skitnet for data theft and remote access, further emphasizing its growing prevalence in cybercrime.
Notably, in April 2025, the ransomware group Black Basta leveraged Skitnet in phishing campaigns aimed at enterprises, highlighting its stealth capabilities.
The malware establishes a reverse shell connection over DNS and incorporates various persistence mechanisms and tools for data exfiltration.
Skitnet resolves API function addresses dynamically, which helps it avoid traditional detection methods and makes it a particularly sophisticated threat.
The initial executable of Skitnet is a Rust binary that decrypts and executes an embedded Nim payload, enabling effective management of infected hosts through a command-and-control (C2) server.
This disclosure about Skitnet coincides with the emergence of another malware loader, TransferLoader, which specifically targets American law firms, illustrating the evolving landscape of cyber threats.
Summary based on 1 source
Source

The Hacker News • May 19, 2025
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access