
Cocktail of Malware Served Through Malicious Links Found in Skype Messages

Posted: April 4, 2013

Security researchers have discovered a new malware-spreading campaign that uses Skype to infect the contacts of users whose Skype accounts have been compromised.

Skype is a popular application and service used for online communication, file sharing and video chat. For many years, hackers and cybercrooks have used similar instant messaging platforms to share malicious links. It was recently discovered that compromised Skype accounts are being used to send the account's contacts a message containing nothing but what appears to be a shortened goo.gl link.

In the new malware campaign using compromised Skype accounts, one would simply receive a message with a shortened goo.gl link as shown in Figure 1 below. This isn't the first time cybercrooks have utilized Skype along with goo.gl shortened URLs to push malware. It has happened on many other occasions.

Figure 1. - Example of malicious link sent in Skype message - Source: Net-Security.org

If clicked, the link in this message redirects the user to a file download. The downloaded file varied from case to case: in some instances it contained a Trojan, in others a generic downloader or a backdoor. Many of the malware variants would install without being detected by popular AV applications.

One notable discovery among the Trojan variants downloaded through a malicious Skype link was the Zeus Trojan, which initiated connections back to an IP address once used as a command-and-control server for the Flashback and Madi/Mahdi malware campaigns. Those attacks took root over a year ago, but one could conclude that the hackers behind the Skype escapade are still in the business of attacking computers around the world.

Skype has no malware filters or blocking agents other than those manually set up by the end user, which makes it a vulnerable platform where any unblocked user can send you a web link. Shortened URLs have long been culprits for redirecting users to an unwanted or malicious site that downloads malware. It is always in your best interest to be cautious of links shared within Skype unless you are 100% certain of the contact and the link's source.
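
A defender-side sketch of the pattern described above, added here as an example and not taken from the original article or any vendor tool: it flags a message that is nothing but a shortened link and walks the redirect chain with HEAD requests, so no file body is ever fetched. The shortener and extension lists, the function names and the sample hosts are assumptions.

```python
import http.client
import re
from urllib.parse import urljoin, urlsplit

# Assumed lists for illustration; the article itself names only goo.gl.
SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}
RISKY_EXT = (".exe", ".scr", ".zip", ".jar", ".msi")
URL_RE = re.compile(r"https?://\S+")

def is_bare_short_link(message):
    """True when a chat message is nothing but a single shortened URL."""
    text = message.strip()
    return bool(URL_RE.fullmatch(text)) and urlsplit(text).hostname in SHORTENERS

def head(url):
    """Live fetcher: one HEAD request, no redirect following, no body read."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def inspect_link(url, fetch=head, max_hops=5):
    """Walk the redirect chain hop by hop; report whether it ends in a file download."""
    chain = [url]
    for _ in range(max_hops):
        status, headers = fetch(chain[-1])
        location = headers.get("location")
        if status in (301, 302, 303, 307, 308) and location:
            chain.append(urljoin(chain[-1], location))  # resolve relative Location values
            continue
        download = ("attachment" in headers.get("content-disposition", "").lower()
                    or urlsplit(chain[-1]).path.lower().endswith(RISKY_EXT))
        return {"chain": chain, "download": download}
    return {"chain": chain, "download": None}  # hop limit hit: treat as unresolved

# Constructed responses so the example runs offline; hosts and paths are placeholders.
SAMPLE = {
    "http://goo.gl/EXAMPLE": (301, {"location": "http://files.example.test/get?id=1"}),
    "http://files.example.test/get?id=1": (302, {"location": "/dl/invoice.zip"}),
    "http://files.example.test/dl/invoice.zip":
        (200, {"content-disposition": "attachment; filename=invoice.zip"}),
}

sample_fetch = SAMPLE.__getitem__  # offline stand-in for head()
```

Calling `inspect_link(url, fetch=sample_fetch)` uses the constructed responses; leaving `fetch` at its default issues real HEAD requests.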
