Cybercrooks have been caught running booby-trapped ads on Skype to redirect users towards an Angler exploit kit trap.
The tactic, part of a broader malvertising campaign, shows that users can be exposed to malicious ads pushing ransomware and other crud even when they are not using a browser-based app, the most common exploit route.
Security researchers at F-Secure uncovered the role of Skype in helping to push a malvertising campaign launched via the AppNexus ad platform (adnxs.com). The same malvertising campaign also featured poisoned ads on various websites, including shopping sites (ebay.it), gaming forums (wowhead.com, gsn.com, zam.com, wikia.com), news sites (the Daily Mail), and internet portals such as msn.com. All the strands of the attack were ultimately designed to redirect surfers to a landing page hosting the Angler exploit kit.
This page exploited browser vulnerabilities and the like in attempts to push the TeslaCrypt ransomware onto Windows PCs. Angler is an all-in-one hacking package that allows miscreants to plant malware on targets' machines, exploiting known and zero-day vulnerabilities to do so. The toolkit tries to evade detection through various obfuscation and anti-sandbox tricks designed to help frustrate researchers' efforts to find and destroy it.
The malvertising campaign ended soon after F-Secure researchers detected it. Unfortunately, similar attacks are more than likely in future. Occasional malvertising attacks against Skype users have been going on since early 2014, if not earlier, according to David Bisson. “This latest campaign clearly demonstrates that platforms that display ads, even when they are not the browser, are not immune from malvertising,” Bisson warns.