On Thursday evening, TechCrunch reported that over 11,000 sites have been infected with a particularly nefarious type of malicious software (malware) that has been cleverly obfuscated to help it remain undetectable to security researchers and antivirus software. The malicious code has been dubbed “Skeleton Key” by researchers and has been found to be active on websites in places such as the United Kingdom, USA, Germany, Brazil and Israel.
Skeleton Key is a Windows attack toolkit in an executable form and is designed to steal the credentials of legitimate users. It works by silently lurking in the background and harvesting user credentials as they are entered into the system. Skelton Key is adept in its ability to evade detection by security research and antivirus programs as it doesn’t leave any detectable footprints.
This malicious software highlights the need for business owners to be ever vigilant when it comes to the security of their websites. It also serves as a reminder of the importance of regularly patching any and all vulnerable software on servers where websites are hosted. Regular scans of the sites should also be done using reputable web security companies and teams that can ensure any malicious code has been removed and that the website remains secure.
Additionally, site administrators and webmasters should use strong passwords and two-factor authentication on all sites. This helps to reduce the risk of credentials being stolen by malicious actors. This is especially important for websites that contain sensitive information, such as online stores, payment portals and customer databases.
As for the 11,000 sites hacked with Skeleton Key, researchers have identified some of the victims and are taking steps to isolate and remove the malicious code from their networks. Unfortunately, it is likely that there are many more websites out there that have been infected with Skeleton Key and are still going undetected. As such, it is imperative that business owners and administrators take the necessary steps to protect their websites from the threat of malicious software.
Hey Subscribe to our newsletter for more articles like this directly to your email.