Skype Hacking Tool: A Sting in the Tail

More often than not, when digging around the more dubious corners of the web, “Skype hacking tool” means “If you install this, your PC is going to need a bit of a lie down”.

Typically, these executables are backdoored, pop surveys, open up shock memes on your desktop at inopportune moments and generally do anything but the unique selling point they’re being pushed with. Of course, people downloading these programs are doing so because they want to break into someone’s account, so you reap what you sow and all that.

As it happens, you don’t even need to visit “dubious corners” – firing up YouTube is enough to find some shenanigans taking place. For example:

Skype Hacker, eh?...

“Skype Hacker, Various Options”, you say? What could possibly go wrong?

The file – located on a free file hosting service – is zipped up in a .rar file and gives off a bad impression to the inherently suspicious right from the start. Does the file icon look like anything remotely Skype related to you?

...Skype?

SkypeHacker 2015 JavaUpadate.exe [sic] Java@Registred [sic] [[again]]

If the typos galore and the references to the entirely unrelated Java didn’t strike you as odd, the Java icon probably would.

Firing up the program gives us a rather fetching green radar. It’s all gone a bit War Games, hasn’t it?

Spinny green things

The user is presented with a number of options to keep them nice and distracted from the true purpose of the file. This is because all our would-be Skype hacker has ended up with here is a backdoor on their system, allowing for further compromise and all sorts of additional antics taking place on their newly infected PC.

Users of Malwarebytes Anti-Malware will find we detect this file as Backdoor.Agent.DC.

Some other common Skype-related scenarios where you may wish to exercise caution:

  1. Skype credit generators: Everybody would like some free Skype credit, I imagine, but grabbing random downloads is never going to be the way to do it. You’ll end up with PUPs at best, and Malware at worst.
  2. Smileys and Emoticons: As with the above, you may well run into problems related to PUPs, browser extensions and installers with standalone uninstaller programs.
  3. Skype spam IM messages: Sent by compromised accounts, these will often make use of URL shorteners and/or encoded search engine links to disguise the bad intentions of the final destination. Random messages out of the blue accompanied by shortened links should always be checked where possible, and you should contact the sender by alternative means if you’re still not 100% sure.
  4. Chatbots: These have been around forever, but they still pop up across the board in IM, trying their best to convince you that awesome things lie beyond their clickable link and request for payment information to “ensure you’re over 18 years of age”. It was a nope back in the early days of the web, and it’s still a nope now.
  5. Email spam: Convincing-looking voicemail messages landing in your mailbox could give you a nasty experience, and these are a popular tactic for multiple spam groups dabbling in Malware and Exploit Kits. If you have voicemail enabled for any VoIP service, you should just stick to checking them directly from your app of choice or the official website – don’t take chances.
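
The check recommended in item 3 can be done offline, by peeling the wrappers off a link before anyone clicks it. This is an added example, not code from the original article or from Malwarebytes; the shortener list, the redirect parameter names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed, non-exhaustive lists chosen for this illustration.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}
REDIRECT_PARAMS = ("url", "q", "u", "dest", "target")

def host_of(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def embedded_url(url):
    """Return a URL carried in a redirect-style query parameter, or None."""
    params = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes values
    for name in REDIRECT_PARAMS:
        for value in params.get(name, []):
            if value.lower().startswith(("http://", "https://")):
                return value
    return None

def unwrap(url, max_depth=5):
    """Peel nested redirect wrappers offline; no network request is made."""
    chain = [url]
    while len(chain) <= max_depth:
        inner = embedded_url(chain[-1])
        if inner is None:
            break
        chain.append(inner)
    hosts = [host_of(u) for u in chain]
    return {
        "chain": chain,
        "visible_host": hosts[0],      # what the recipient sees at a glance
        "innermost_host": hosts[-1],   # deepest destination recoverable offline
        "wrapped": len(chain) > 1,
        # A shortener hides the real destination: treat it as unresolved.
        "shortener": any(h in SHORTENERS for h in hosts),
    }

# Constructed sample links, not taken from real spam.
SAMPLES = [
    "https://www.google.com/url?sa=t&q=http%3A%2F%2Fbit.ly%2FEXAMPLE",
    "https://www.google.com/url?q=https%3A%2F%2Fsearch.example%2Fr%3Fu%3D"
    "http%253A%252F%252Fphoto-viewer.example%252Fphoto",
    "https://www.skype.com/en/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = unwrap(link)
        print(result["visible_host"], "->", result["innermost_host"], result)
```

A link whose visible host is a search engine but whose innermost host is a shortener or an unfamiliar domain is the pattern described above, and a shortener at the end of the chain means the final destination is still unknown.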

Remember – what goes around comes around, and that almost always tends to be the case where the desire to obtain a cool hacking tool overrides common sense. Don’t ask yourself “What’s in it for me?” – instead, ask yourself “What’s in it for the creator of this free program?”

More often than not, it’s the keys to the kingdom…

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.