Skeleton Key Malware Targets Corporate Networks

Dell researchers have reported a new piece of malware, dubbed Skeleton Key, which can bypass authentication on Active Directory (AD) systems.

The Dell team says that Skeleton Key allows attackers to avoid detection by AD systems with single-factor authentication, that is, systems that rely only on passwords. The cyber criminals can pick any password and log in as any user in order to do whatever they please online.

Skeleton Key was first detected on a network that uses passwords to access email accounts and VPN services. Once active as an in-memory patch on the AD domain controller of the system, the malware gives the attackers unlimited access to services. The users can carry on with their activities without being aware of the malware’s presence in the system.

The researchers report that threat actors who have physical access to the infected machine can log in and unlock systems that authenticate PC users against the infected AD domain controllers.

This way the cyber crooks can pose as any user without drawing attention to their activities or restricting the legitimate users’ access. The attack is anything but sophisticated, but it can be used to pose as a company’s manager, an HR director, or basically anyone the attacker wants to impersonate without raising suspicion. More importantly, the crooks can take over sensitive information.

Skeleton Key does not transmit network traffic, which makes it hard for network-based intrusion detection and prevention systems (IDS/IPS) to detect.

Skeleton Key also has a weakness: it must be redeployed each time the domain controller is started in order to keep operating. Researchers believe that the malware is compatible with 64-bit Windows versions only.

The researchers say that at some point the threat actors used other remote access malware already activated on the victim’s network to redeploy Skeleton Key on the domain controllers.

To prevent a Skeleton Key infection, experts recommend using multi-factor authentication.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
