Skype users hit by ransomware

Popular communicating software Skype from Microsoft was condemned due to its “fake flash” advertising which commuted ransomware in users’ computers. This is the first time when Skype was inculpated of delivering malicious programs in users’ computers. However, the firm says it’s not its fault for displaying malicious ads.

Several users running Microsoft’s Skype VoIP client on Windows complained that ads served to try push a fake Adobe Flash Player update are serving malicious downloads, which if opened, would trigger a foggy JavaScript and download ransomware. At least two other people having the same “fake Flash” ad into March 30 didn’t run the app but instead deconstructed and posted the code.

The pre-installed malware in Android devices and the vulnerability in Android apps lead to affect over 1 million apps in Google play store last year. Hackers even target mobile charger to install malware on OnePlus smartphones.

According to sources, on the first screen, Skype was coercing a malicious and sham advertisement that impersonating to be a necessary update of Flash Web Plug-in. This ad led to an HTML application downloaded in the system which triggers a JavaScript and runs a new command that deletes the application; user had just opened and runs a PowerShell command, which downloads a JSE (Java Encoded Script) from a no longer existing domain. The complete process helps the malicious file to be detected by antivirus tools.

For some reason, however, the command and control center that the malware attempts to connect to is no longer available, so the attack is incomplete, though malware waiting for instructions is deployed and remains on the vulnerable computer unless manually removed.

The rogue advertisement was first observed and reported on Reddit on March 29, with user j8048188 explaining that when clicking the ad in Skype, it attempts to download a file called FlashPlayer.hta.

A Microsoft spokesperson explained that these are just rogue advertisements displayed to users and Skype isn’t actually infected, recommending to run antivirus software that can block such attacks.

The same type of malware attack was experienced by IBM’s X-Force, which is a sharing site of threat intelligence. However, the package was downloaded from a different domain but the malware matches the pattern of the web address used in the same attack.

To avoid getting into such unfavourable situations, people need to understand that every prompt for download is not legit. Whenever you see a prompt to download an update for a software, regardless how legitimate it appears to be, always prefer to download such updates from their official websites. Keeping your antimalware up to date and running a security scan every once in a while is the key to secure web life.

Leave a Reply