Threat Management, Incident Response, Malware, Network Security, TDR

F-Secure: New malvertising campaign delivers ransomware via Skype, browsers

Researchers at F-Secure have detected a malvertising campaign that delivers phony online ads to not only traditional browser platforms but also the Skype video chat application.

The malicious ads are distributed via the AppNexus ad platform (adnxs.com). Users who click on them are redirected to a landing page for the Angler exploit kit, which then downloads TeslaCrypt ransomware. Historically, TeslaCrypt ransom demands have asked victims for $500 in bitcoins in order to unlock encrypted files.

F-Secure initially noted in a blog post that the campaign ended very quickly, peaking over a period of five hours spanning Feb. 9 and 10. However, Karmina Aquino, senior manager of threat research at F-Secure, told SCMagazine.com in a Thursday email correspondence, “I checked our telemetry again this afternoon and the activity has resumed, which still show[s] evidence of Skype displaying the malicious ads.”

Users who have been victimized via their browsers encountered the malicious advertising while visiting one of several targeted websites, including Italian online marketplace eBay.it, gaming sites Wowhead, GSN.com, ZAM and Wikia.com, the news site Daily Mail Online and the MSN.com Internet portal.

Clicking the ad from Skype, on the other hand, launches the user's default browser, and so the effect would be the same, explained Aquino, adding, “These activities have not led us to conclude that Skype is the main target of the attackers; rather, the infection that happened through Skype is just a side effect because Skype uses the same ad platform that the attackers compromised.”

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.