Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Malvertising Discovered on Skype App

Malicious ads that rely on browser vulnerabilities can be activated from within Skype, researchers find.

By Tom Brant
February 12, 2016
Skype Tips

Security researchers at F-Secure this week discovered malvertising within Skype. It displayed "poisoned" ads on the chat platform that could install malware on users' computers without the help of a browser exploit.

The advertising campaign redirected users who clicked on the ads to a landing page for the Angler exploit kit, which can automatically download and install ransomware. As its name suggests, ransomware encrypts an entire hard drive and then displays a message asking the victim to pay money—typically in bitcoin—to receive the unlock key.

This attack wasn't specifically targeted at Skype users. Using the AppNexus ad platform, the malicious ads also showed up on many shopping and news websites like eBay, MSN, and The Daily Mail.

But their presence on Skype was noteworthy because no browser is involved. "It was interesting to note that having the ad displayed in a platform external to the browser did not mean that the browser was no longer accessible and thus the user could no longer be affected," the researchers explained in their blog post.

Several Skype security vulnerabilities have been uncovered over the years, not all of which have been exploited. But the fact that Skype can be exposed to browser-based attacks even though it doesn't use a browser is especially concerning, according to blogger David Bisson, who covers security issues.

"This latest campaign clearly demonstrates that platforms that display ads, even when they are not the browser, are not immune from malvertising," Bisson wrote in a separate blog post.

F-Secure said the campaign "seemed to have ended quite fast," but Bisson suggested installing an ad blocker or making sure your PC is protected by an antivirus solution.

Like What You're Reading?

Sign up for Fully Mobilized newsletter to get our top mobile tech stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Tom Brant

Deputy Managing Editor

I’m the deputy managing editor of the hardware team at PCMag.com. Reading this during the day? Then you've caught me testing gear and editing reviews of laptops, desktop PCs, and tons of other personal tech. (Reading this at night? Then I’m probably dreaming about all those cool products.) I’ve covered the consumer tech world as an editor, reporter, and analyst since 2015.

I’ve evaluated the performance, value, and features of hundreds of personal tech devices and services, from laptops to Wi-Fi hotspots and everything in between. I’ve also covered the launches of dozens of groundbreaking technologies, from hyperloop test tracks in the desert to the latest silicon from Apple and Intel.

I've appeared on CBS News, in USA Today, and at many other outlets to offer analysis on breaking technology news.

Before I joined the tech-journalism ranks, I wrote on topics as diverse as Borneo's rain forests, Middle Eastern airlines, and Big Data's role in presidential elections. A graduate of Middlebury College, I also have a master's degree in journalism and French Studies from New York University.

Read Tom's full bio

Read the latest from Tom Brant