Emails that appear to come from Skype administrators carry an attached ZIP file that can infect Windows machines, according to the security firm Sophos.
The bogus email tells users that their Skype password has been changed. It contains a link to reset the password that does, in fact, send users to the Skype website. But the ZIP file attached to the email contains a Trojan horse that opens a backdoor, letting hackers into Windows machines.
The ZIP file contains a file with a double extension: Skype_Password_inscructions.pdf.exe [sic]. Users who focus on the PDF extension rather than the .exe extension may be more inclined to open the malware, even though PDF files can also contain malware.
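
A double-extension check that a mail gateway or triage script could run on an attachment like the one described above. This is an added example, not code from the article or from Sophos; the extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for this example; extend them to match local policy.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def is_double_extension(name: str) -> bool:
    """True when the last extension is executable and the one before it is a document type."""
    # Keep only the file name, then normalise case, stray whitespace and trailing dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]
    return (len(parts) >= 3
            and parts[-1] in EXEC_EXTS
            and parts[-2] in DECOY_EXTS)


def flag_zip_attachment(zip_bytes: bytes) -> list[str]:
    """Return the archive member names that use the decoy-plus-executable pattern."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if not info.is_dir() and is_double_extension(info.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample: placeholder bytes stored under the file name quoted in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Skype_Password_inscructions.pdf.exe", b"placeholder, not an executable")
        zf.writestr("readme.txt", b"constructed benign member")
        zf.writestr("docs/report.pdf", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for member in flag_zip_attachment(build_sample_zip()):
        print("quarantine: double extension in archive member:", member)
```

The check only reads the archive's directory of names, so nothing inside the ZIP is extracted or executed.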
As SocialTimes reported, hackers are also sending instant messages over the Microsoft-owned Skype software to spread another backdoor Trojan.
According to Chester Wisniewski, a senior security advisor at Sophos, hackers target Skype largely because the service has such a large user base.
“The vast majority of scams, whether in an email or through instant messaging on the service, are social engineering, not bugs in the Skype software,” Wisniewski said in an email. “That is not to say there is nothing they could do. Many of these attacks use the same messages to users over and over and you would expect them to implement a fraud/spam filter to look for these known attack patterns.”
Microsoft did not immediately respond to a request to comment.