Skype spam malware 'recruits your PC for a botnet'

Trojan delivered as Skype message may sign up your computer for botnet, Malwarebytes finds

A spam campaign is infecting Skype users with malware that may enlist their PCs in cyber attacks, security researchers have discovered.

The majority of affected users appear to be based in India, Japan, and the Philippines, according to Malwarebytes, the company that discovered the bug, but the malware may have already spread to other countries. 

Victims receive spam messages on Skype containing Japanese katakana characters and a bitly link. Once clicked, the link directs them to a compromised domain to download a file pretending to be an image.

The image is a screensaver file, which is detected as a malicious SCR file Trojan.Injector. Once executed, it phones back to servers located in China, Vietnam, and the United States.

It also reads data from several configuration files and information about the machine it is installed on, such as the computer name and its GUID, a unique identifier.  

Malwarebytes said the malware also connects to an IRC server, possibly to join a botnet. The compromised domain the file connects to does not use a web application firewall and this, said the firm, makes it easier for malicious actors to infiltrate and use the site. 

"For those who are new to Skype spam, note that this modus operandi has been reused countless times, and it often yields successful results for the criminals," said Jovi Umawang, a researcher at Malwarebytes.

"The texts and links have changed as time went on, but what will remain the same is it will continue to take advantage of people's curiosity and trust that is already established between and among individuals in a network, regardless of size."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Hackers used SonicWall zero-day flaw to plant ransomware
ransomware

Hackers used SonicWall zero-day flaw to plant ransomware

30 Apr 2021
Botnet targets vulnerable Microsoft Exchange servers
botnets

Botnet targets vulnerable Microsoft Exchange servers

23 Apr 2021

Most Popular

Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021