6 Jan 2018

Microsoft’s Skype Serving malicious ads on windows

Users running Microsoft’s Skype VoIP client on Windows are being served malicious ads trying to push a fake Adobe Flash Player update that eventually leads to a malware infection.

A reporter on Reddit, with username j8048188 has identified an advertisement that pops up on Skype for windows without interacting or clicking anything after logging on Skype. The ad in Skype attempts to download a file called FlashPlayer.hta as shown on the image below.

Once this HTML application (FlashPlayer.hta) is launched, it downloads another package which will try to trigger a series of tasks involving running JavaScript, PowerShell commands to delete the application that the user just opened, try to bypass antivirus and attempt to download JavaScript Encoded Script from a domain that no longer exists (A domain is registered and de-registered quickly to hide the operations of the attacker).

In a statement given to ZDNet, Microsoft avoided accepting responsibility for the ads showing, saying:
We’re aware of a social engineering technique that could be used to direct some customers to a malicious website. We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update antivirus software.
FYI, Microsoft displays advertisements on Skype's start page and alongside conversations. These ads are only present in the traditional, Win32 desktop program of Skype, not in the Windows 10 version of Skype. The ads in Skype are loaded through an embedded Internet Explorer object.

To block ads in Skype

Add these two sites to your IE Restricted Sites. The ad banner space will still be there, but it'll block the ad content: apps.skype.com, g.msn.com

Have you been affected by malware that spread through Skype? Let me know below!

You may also follow this link for information on Ransomware and how you can stay safe.