Malwarebytes researchers have discovered a new scam being distributed via Microsoft-owned instant messaging service Skype.
The phishing attack manifests as a message from a Skype contact, and claims the user will be able to get a free upgrade to Skype Premium by following a link contained in the message.
However, the scam steals the user's account credentials and then goes on to deliver a well-known banking Trojan onto their computer.
While you may do everything in your power to keep your data safe, your friends and family might not be so prudent.
While Skype and other messaging services have long been a popular infection vector for cyber criminals, Adam Kujawa, a malware intelligence analyst at Malwarebytes, claims this particular attack is unusual, as it checks the validity of a victim's credentials before proceeds.
In an upcoming blog post, Kujawa explains how he created a new account in the name of Sean Connery's character from Highlander, immortal Juan Sanchez villa-lobos Ramirez, in order to expose the scam.
"If you give them fake or incorrect login details, [the scam] will not proceed. So in order to test this scam without giving up my own personal information, I decided to create a new account...with the Skype name Villa-LobosRamirez," Kujawa said.
It is only once legitimate account details have been entered that the victim is taken to a page imitating the official Skype Download page, which will then attempt to install an executable file named "SkypePremiumSetup", or something similar.
A popup screen then appears, claiming the user's lifetime premium package is being activated. However, their computer is in fact being infected with a Trojan that can steal financial and online banking details.
Additionally, the victim's Skype account will now begin proliferating the scam, with a message similar to the one that originally reeled them in.
"The reality is that while you may do everything in your power to keep your data safe and secure from cyber criminals, your friends and family might not be so prudent. With that in mind, it is important that any communication that you are not certain is coming from someone you know [is] seen as suspicious," Kujawa advises.
"The key is to always be sceptical and [take] prudent security approaches with everything you come across. By double-checking the legitimacy of a single link, you could save yourself some serious heartache," he concludes.
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Putting small language models under the microscopeITPro Podcast The benefits of small language models are undeniable – but they're no silver bullet
-
Court summons Skype after refusal to share customer dataNews The VoIP company decided not to aid a criminal investigation with message and call information
-
Microsoft ordered to clarify Skype privacy fearsNews Privacy advocates want Microsoft to publish transparency reports detailing government requests for personal data.
-
UPDATED: Skype suspends password resets in wake of account takeover fearsNews Messaging giant responds to reports that email security flaw could leave users exposed to attack.
-
Skype users threatened by wormNews Malware spread by "lol" link could hold PC users to ransom.
-
Week in Review: Phone hacking and police snooper sackingsNews This week, with the epic phone hacking scandal still raging on, it's reported hundreds of police have been snooping on data they shouldn't be looking at. What a bunch of naughty so-and-sos...
-
Skype Android app flaw places data in dangerNews Skype says it is looking into a flaw which could allow hackers to acquire user data including contacts and instant message logs.
-
Trojan taps and records Skype conversationsNews Symantec warns Skype users of a threat that could potentially listen in to their conversations.
