VDB

GCVE-110-OSM-2026-654

GCVE-110-OSM-2026-654
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 10, 2026
Skuld is a "Discord-oriented" stealer that targets Windows systems. Despite the "educational purposes" disclaimer, it's a fully-functional piece of malware with extensive data exfiltration capabilities. Key Capabilities Credential & Data Theft Steals logins, cookies, credit cards, history from 37 Chromium-based browsers and 10 Gecko/Firefox browsers Extracts Discord tokens from 4 Discord applications plus browsers Captures data from 10 local crypto wallets and 55 browser wallet extensions Steals Epic Games, Uplay, Minecraft (14 launchers), and Riot Games sessions Grabs sensitive files from common locations and saved Wi-Fi credentials Discord-Specific Attacks Injects into Discord client to intercept login/2FA requests, email/password changes, and payment additions Captures 2FA backup codes Blocks QR code login (likely to force credential entry for interception) Persistence & Evasion Uses fodhelper.exe UAC bypass for privilege escalation across all user accounts Anti-debugging: terminates debugging tools Anti-VM: detects and exits in virtual machine environments Anti-AV: disables Windows Defender and blocks AV websites Hides console, adds itself to startup, displays fake error messages Crypto Clipper Monitors clipboard and replaces copied crypto addresses with attacker-controlled addresses Exfiltration Data is sent via Discord webhook to the attacker. Technical Notes The malware is modular, allowing cherry-picking of specific capabilities. It compresses to ~3MB with UPX packing. The codebase draws from multiple existing stealers (Empyrean, Blank-Grabber, HackBrowserData, etc.). This is a fairly standard but well-organized modern infostealer—useful to understand for detection rule development or threat modeling in your supply chain security work.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected), * (affected), all (affected), all (affected), * (affected), all (affected), * (affected)
unknownazure-eventhub-checkpointstoretableall (affected)
unknownall (affected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›