Popular communicating software Skype from Microsoft was condemned due to its “fake flash” advertising which commuted ransomware in users’ computers. This is the first time when Skype was inculpated of delivering malicious programs in users’ computers. However, the firm says it’s not its fault for displaying malicious ads.
The pre-installed malware in Android devices and the vulnerability in Android apps lead to affect over 1 million apps in Google play store last year. Hackers even target mobile charger to install malware on OnePlus smartphones.
For some reason, however, the command and control center that the malware attempts to connect to is no longer available, so the attack is incomplete, though malware waiting for instructions is deployed and remains on the vulnerable computer unless manually removed.
The rogue advertisement was first observed and reported on Reddit on March 29, with user j8048188 explaining that when clicking the ad in Skype, it attempts to download a file called FlashPlayer.hta.
A Microsoft spokesperson explained that these are just rogue advertisements displayed to users and Skype isn’t actually infected, recommending to run antivirus software that can block such attacks.
The same type of malware attack was experienced by IBM’s X-Force, which is a sharing site of threat intelligence. However, the package was downloaded from a different domain but the malware matches the pattern of the web address used in the same attack.
To avoid getting into such unfavourable situations, people need to understand that every prompt for download is not legit. Whenever you see a prompt to download an update for a software, regardless how legitimate it appears to be, always prefer to download such updates from their official websites. Keeping your antimalware up to date and running a security scan every once in a while is the key to secure web life.