Skipper

What is Skipper?

Skipper is a Trojan, and if you are not cautious, it could be used to open up a backdoor straight into your operating system. This malicious Trojan has been found to be employed by the Turla APT (Advanced Persistent Threat) group. The group is famous for creating and using multiple different tools in their attacks. A few others include Topinambour and KopiLuwak, and if you want to learn more about them, detailed articles and removal guides are already available. If you have found any of this malware on your operating system, there is a good chance that your virtual security has been jeopardized already. Although the backdoor does not offer a great variety of functions, the attackers can use it for the most basic actions necessary for highly complex and aggressive attacks. Ultimately, this malware is extremely dangerous, and you want to get rid of it as soon as possible. If you are not yet sure whether or not you need to delete Skipper, employ a trusted malware scanner, and you will find out right away.

How does Skipper work?

According to the Anti-Spyware-101.com research team, the devious Skipper has been used in attacks since the summer of 2016. Two unique Mozilla Firefox extensions were used to spread this dangerous Trojan. The first one was called “HTML5 Encoding.” In fact, it is unclear whether or not this extension was used for the proliferation of the infection because when it was tested, only a handful of downloads were recorded. Quite possibly, this extension was used for testing purposes only. That being said, it was introduced to users via a compromised website of a Swiss security firm. The description of the extension read: “Encoding support for your browser.” The second extension was called “langpack-en-GB,” and it was linked to the Pacifier APT group. This extension also opened a backdoor, and it was a different version of the devious Skipper backdoor. Quite possibly, the Turla group was standing behind it all along, but there is no proof of that. This kind of “modus operandi” is quite unusual for Turla, because, in most cases, they use compromised websites to forcibly load malware code onto the victims’ computers.

Once in place, Skipper, allegedly, tries to determine which other hacking tools from the Turla APT group could be executed to aid the attacks. The extension is also used to gather information about the infected system, as well as download and execute files. With this power at hand, the attackers behind Skipper could download virtually anything they desire. The Turla APT group is known for targeting embassies, government-related organizations, as well as national-level defense agencies. Countries from the former Soviet bloc were most likely to be affected, and, considering that Turla is believed to root from Russia, this is not that surprising. Unfortunately, when it comes to national-level security, there is no room to guess and wait. Governments need to be proactive about how they secure their internal systems; otherwise, high levels of extremely sensitive information could be leaked. In today’s political climate, any kind of disturbance can lead to extreme political disasters, and that is what we all want to avoid.

How to remove Skipper

Since Skipper can download anything, there is a variety of malicious threats that you might need to remove from the infected operating system. Of course, the root of the problem has to be destroyed first, and, in this case, we are looking at Mozilla Firefox extensions. The guide below shows how to delete Skipper-related extensions, but that is not the end of your journey. Once the extension is destroyed, we strongly recommend installing a malware scanner or, better yet, a reliable anti-malware tool to help you inspect your operating system. If other threats are discovered, they must be deleted instantly. If you use a malware scanner, you will need to perform removal yourself. However, if you use a legitimate anti-malware program, all threats will be eliminated automatically. Furthermore, your operating system will gain the protection it so desperately needs. Although the devious Trojan is most likely to affect government-related institutions, every single user online needs to be cautious about this threat.

Removal Guide

1. Launch Mozilla Firefox.
2. Tap keys Ctrl+Shift+A to open the Extensions menu.
3. Remove unwanted extension (could be HTML Encoding or langpack-en-GB).
4. Immediately install a trusted malware scanner.
5. Perform a full system scan to determine whether or not other threats require removal. Download Removal Tool100% FREE spyware scan and
   tested removal of Skipper*