Skype users, especially from Western countries are complaining about “Fake flash ads” which when clicked are leading to a ransomware attack. From past couple of weeks, Reddit has been buzzing with reports saying that Skype’s home screen is acting as a playground for malware. And most of the users have come to a conclusion that they should quit the Microsoft-owned messaging platform and start looking for other alternatives.
According to a Reddit Thread, some users clicked on an attractive Skype ad which leads to the download of an HTML application which mimicked a legitimate app. Users who opened the app downloaded a malicious payload, which thereafter locked down the computer after encrypted the files for ransom.
Users who are using the desktop Skype app are becoming the prime targets of this ransomware attack while those using a mobile app seem to be at a safer side.
Two of the Reddit geeks tried to test the water by clicking on the fake flash ads on Thursday. But they did run the app and instead deconstructed and posted the source code.
Currently, the fake ad is targeting Windows machines which when opened will trigger a complicated JavaScript. And after becoming active, the code starts a new command line and then deletes the just opened application by the user in order to run a Powershell command. The command then triggers the download of a JavaScript Encoded Script (JSE) from a domain that no longer exists.
The reason for the malware to go undetected by antivirus solution is due to the fact that it is a ‘Two Stage Dropper’ which activates itself in a sequential order i.e. a step by step format.
The fake flash ad clearly indicates that it is a spin-off of Locky ransomware campaign.
Microsoft or Skype have remained silent on this issue.
