Skype users hit by ads spreading malicious Angler exploit kit

Skype users hit by ads spreading malicious Angler exploit kit

Researchers recently spotted a malvertising campaign that used poisoned ads on Skype to redirect users to the Angler exploit kit.

Karmina Aquino, a security expert at F-Secure Labs, explains in a blog post how she and her colleagues came across something unusual while they were analyzing a malvertising campaign launched via the AppNexus ad platform (adnxs.com)

"One of the platforms for infection that we observed was Skype. It was interesting to note that having the ad displayed in a platform external to the browser did not mean that the browser was no longer accessible and thus the user could no longer be affected."

Ad urls

Further analysis revealed that the campaign leveraged ads posted on a number of other websites, including shopping sites (ebay.it), gaming forums (wowhead.com, gsn.com, zam.com, wikia.com), news sites (dailymail.co.uk), and online internet portals such as msn.com, to redirect users to a landing page for the Angler exploit kit.

In this particular campaign, Angler downloaded and infected each user with TeslaCrypt ransomware.

Teslacrypt

Karmina writes that the malvertising campaign ended soon after she and her fellow researchers detected it. But we would be remiss to think that we have seen the last of Skype-based malvertising attacks.

Indeed, the video chat technology, which uses a non-browser application to displays ads to users, has been leveraged by attackers to disseminate malicious ads for three years in a row.

Back in early 2014, a user posted to Bleeping Computer how researching a particular pop-up ad in Skype via Google Search revealed that the popular video chat software's ad service had been compromised.

Approximately one year later, Skype users were exposed to a series of malicious ads that masqueraded as fake Adobe Flash, Java, and QuickTime updates.

This latest campaign clearly demonstrates that platforms that display ads, even when they are not the browser, are not immune from malvertising.

Skype adverts

With that in mind, it would be a good idea to install an ad-blocker to protect against those pesky browser-based apps. Installing an anti-virus solution will provide added protection if attackers decide to migrate their ads to non-browser applications.

In either scenario, it is best that you refrain from clicking on an ad, as you have no idea where it might take you.

Tags: , , ,

Subscribe to the free GCHQ newsletter


, , ,

Leave a reply

3 Comments on "Skype users hit by ads spreading malicious Angler exploit kit"

Notify of
avatar

Sort by:   newest | oldest | most voted
Darren
Visitor
Darren
February 12, 2016 10:02 am

And this is why I use an ad-blocker. While it's robbing legitimate content producers of advertising revenue I still get a safer (and in many cases faster) web browsing experience when blocking ads.

Good article, thanks for keeping us informed.

coyote
Member
Not a lurker
coyote
February 13, 2016 1:55 am

I'd say you shouldn't feel any sympathy whatsoever. The only ones who should have sympathy and more so should apologise (but I realise it's easier said than done because of the idiocy of laws which says apologising = guilty of some crime = can sue etc.) are those who insist on advertising despite the risks involved. But they typically won't do anything but whine.

As for me, I only use skype because it's the only way I can communicate with some people. But I use Linux and the Linux skype is very limited including no adverts. I'd block them anyway though with or without an ad blocker (and there are many ways to do this).

Generic commenter
Visitor
Generic commenter
February 12, 2016 4:13 pm

Some android phones seem to go out of their way to misinterpret a scrolling finger as a clicking finger.

wpDiscuz