Skipper

Skipper appears to be a backdoor Trojan that was created and used by a group of Russian cybercriminals known as Turla. The first wave of its distribution was between 2016 and 2017. Afterward, hackers found new targets to attack and started a new campaign. Usually, such sophisticated tools are used to attack organizations or institutions, which means it is unlikely that a regular user could find it on his system. Another thing that we ought to mention is that this malicious application was used to gain access to targeted systems and drop more threats. To learn more about its possible distribution channels and working manner, we invite you to read our full report. The deletion instructions at the end of this article show how to erase malicious applications connected to Skipper manually. As for deleting the Trojan, we recommend leaving such threats to reliable antimalware tools and cybersecurity experts. Provided you have any questions about the Trojan, do not forget there is a comments section below to contact us.

Some threats travel with Spam emails, while others enter a system by exploiting its weaknesses. Apparently, Skipper gets in with the help of a malicious browser extension. To be more precise, at the time the malware was active, it was spread with a malicious plugin for Mozilla Firefox. Researchers say the extension might have been called HTML Encoding or langpack-en-GB. As you realize, even a harmless looking plugin could be harmful, which is why our specialists advise being careful with any data or applications that come from unknown sources. Companies that want to protect their computers from such malware should educate their employees on how to recognize potentially dangerous content and how to be safe while surfing the Internet, installing new tools, or opening data obtained from the Internet at work.

As explained earlier, Skipper is a backdoor Trojan. Malicious backdoor applications allow unauthorized users or hackers to bypass a targeted system’s security measures and gain root access, which may enable attackers to gain complete control over an infected system. Consequently, cybercriminals behind such a threat could be able to perform various tasks like copy files or erase them, make a system shut down, and so on. However, Skipper was mostly used to drop more malware on an infected device. Apparently, its main task was to gather information about an infected system and determine whether a second backdoor was needed to download. In other words, it was the first but only one of the few threats that could have been dropped on a computer infected by this Trojan.

Detections of such threats are usually complicated. Trojans like Skipper can not only hide well but also might be erased from a system without leaving any trace. Meaning, sensitive information could be taken from a victim's computer, and the target may never learn about how it was done. One of the steps in cleaning a system from such a threat is deleting browser extension associated with the backdoor threat. The instructions available below shows how to access the Mozilla Firefox extension menu and erase the mentioned plugins. Of course, it will not be enough to eliminate Skipper, not to mention other possible threats. Consequently, we advise employing a reliable antimalware tool or getting cybersecurity experts that could properly clean the computer infected with the Trojan and secure it too.

Erase the extension related to Skipper

1. Open Mozilla Firefox.
2. Copy and paste this path: about:addons into your browser’s address bar.
3. Click Enter and have a look at the Extensions list.
4. Find malicious extension related to Skipper that ought to be called HTML Encoding or langpack-en-GB.
5. Click the malicious add-on and press the three-dots button near it.
6. Select Remove.
7. Close the browser.
8. Scan the computer with a reliable security tool.