A number of users are complaining that the popular communication application Skype has been serving rogue advertisements that carry a high risk of delivering malware.
The issue was raised on reddit last Wednesday, where the original poster complained that a malicious ad appeared while he was on Skype's home screen, posing as a Flash update for the computer's browser.
As the redditor points out, the ad would prompt the user to download an HTML application named "FlashPlayer.hta," designed to look like a legitimate program. However, once opened, it would download a malicious payload, which could potentially harm a computer in the long run.
The poster has successfully deconstructed the code, and has posted it publicly on reddit.
ZDNet investigated the rogue Skype ads, and the experts it contacted found the following:
According to Ali-Reza Anghaie, co-founder of cybersecurity firm Phobos Group, the issue is what is called a "two-stage dropper." "It's effectively the utility component of the malware that then decides what else to do based on the command and control it connects to," he shared.
While the domain used by the attacker no longer exists, Anghaie believes that it very likely served ransomware.
Other people have complained about malicious ads inside Skype, with the fake Flash update as a common denominator.
In response, a Microsoft spokesperson said that the issue was a "social-engineering effort," and that the company should not be held responsible for the malicious content. The company further explained:
"We're aware of a social engineering technique that could be used to direct some customers to a malicious website. We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update antivirus software."
As stated, it pays to be careful when opening suspicious content from the internet. Many actors are out to deceive users and steal sensitive information, on top of malware's usual work of wreaking havoc on our computers.