Users of the popular video chat and messaging application Skype are being targeted by a round of ransomware and click fraud that is being sent around as a message from contacts. The message reads "lol is this your new profile pic?" and is then followed by a link. The link downloads a zip file, which contains an executable that infects the system.
The executable opens up a Java exploit using BlackHole 2.0. The system is then locked down via the ransomware and displays a message requesting money. GFI, the company that first reported this latest wave, explains how it works:
The above is a typical Ransomware scare message that locks the user out of their data, encrypts the files and demands payment (via Moneypak) to the tune of $200. The IP address and geographical location is displayed in the bottom right hand corner, along with various threats related to the downloading of MP3s, illegal pornography, gambling and more besides.
The ransomware also simulates legitimate clicks on websites and such to generate ad revenue for the creators of the ransomware. Not only are you having to pay to unlock the system, but your computer generates money for the creators even if you don't pay up. Microsoft has responded to the issue:
"Skype takes the user experience very seriously, particularly when it comes to security," a Skype spokesperson told The Next Web. "We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links - even when from your contacts - that look strange or are unexpected is not advisable."