Skipper is a backdoor trojan known for its use by the Turla advanced persistent threat (APT) group, alleged Russian state-sponsored actors. Turla typically uses spearphishing emails and compromised websites to infect targets with the Skipper trojan, used as a first-stage backdoor. Skipper is used to conduct reconnaissance on the victim's system and network to determine if a second backdoor, such as Carbon, should be installed on the machine to conduct additional malicious activity.

In July 2016, Turla used a Firefox extension to download a version of Skipper onto victims' devices.


  • July 2016: Skipper downloaded onto victim devices by a malicious Firefox extension. (BleepingComputer)

Technical details

  • ESET provides additional information about the Turla APT group and its trojans, here.