Once again, Microsoft”s secure communication tool is used to spread malware, according to several complaints on Reddit last Wednesday. Criminals targeted Skype users with fake, yet convincing, Adobe Flash plug-in updates through Skype”s in-app ads.
When users log in, a page appears asking them to download “FlashPlayer.hta” which seems like a critical update, but is in fact a malicious page. Once clicked, an HTML application is downloaded to infect the device with ransomware.
The user who started the thread contacted Skype support, which confirmed he was dealing with a virus “unrelated to Skype.” The code was posted on Reddit after two more users complained about seeing the same fake page when logging in.
When contacted, Microsoft name the attack a “social engineering effort.”
“We’re aware of a social engineering technique that could be used to direct some customers to a malicious website,” said the spokesperson. “We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update antivirus software.”
Social engineering is the process tricking users into revealing private, sensitive information or into clicking or downloading malicious software. Since its release, Skype has regularly been a top target for criminals who rely on gullible, distracted or curious users to click on infected links, Flash and Java ads.
After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats.View all posts
May 16, 2023
March 10, 2023
June 06, 2023