area-6.co.uk
Skeleton Key Malware Analysis - Area-6 - Security and Code Snippets ༼ຈل͜ຈ༽
Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence
Date: 12 January 2015
URL: https://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/

Summary

Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. This malware was given the name “Skeleton Key.”

CTU researchers discovered Skeleton Key on a client network that used single-factor authentication for access to webmail and VPN, giving the threat actor unfettered access to remote access services. Skeleton Key is deployed as an in-memory patch on a victim’s …
antonello