Skype Users Falling Victims of Information-Stealing Trojan

Skype warned its users about a Trojan program that steals login credentials through various social engineering tactics.

The malware, called 'Skype Defender', pretends to be a security solution. After infecting the PC, the Trojan prompts its user to login to his/her Skype account. The malware even displays a fake Skype login page, the company warned.

When an unsuspecting user submits the username and password of his Skype account, the Trojan shows a false message saying the credentials are unrecognized. But at the back of the scene, this information is transmitted to a Website under a hacker's control. By fraudulently accessing the Skype account of the user, the hacker could reach the user's SkypeOut credit and possibly resell it. The compromise of Skype accounts also opens doors to the PayPal accounts, through which the credits are paid off.

The alert took five weeks to come after Skype admitted that the Trojan Ramex.a was infecting PCs running the VoIP program. Some users of Skype had been getting the links leading to sites supporting the Trojan malware over instant messages, security researchers said.

The particular PWS-Pykse Trojan spreads only via user interaction, McAfee Inc. Researcher, Pradeep Govindaraju, said on the security blog of the company. PCWorld published this in news on October 17, 2007.

According to the researcher, the Trojan uses social engineering tricks to convince the victim who willingly executes the malware and gets directed to dubious forums or Websites.

A cautious Skype user would likely notice the dissimilarity between the displayed login window and the normal one, Govindaraju added. It is even clearer as the options and hyperlinks on the false window do not function.

Lately, Skype's IM users have at times been exploited as a medium to spread malicious code, although all the attempts failed. A more serious threat is the Skype-B Trojan, because it leads to financial loss for the victim, a situation favoring the preference of financially motivated attackers.

Websense has described the scam as a triple threat because firstly- it is a spam, secondly- it uses social engineering techniques, and finally, it tries to pick money.

Related article: Skype Plugs Critical Security Hole

» SPAMfighter News - 11/3/2007