Malware attack strikes, posing as Skype password change notification

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Password lock icon. Image from ShutterstockIf Skype users didn’t have enough to worry about this week security-wise (with a worm spreading across the system), there’s now another threat to warn about.

Emails have been spammed out by cybercriminals, posing as messages from Skype, claiming that you have changed your password on the service.

Here’s an example of one such email (click on it for a larger version):

Malicious Skype email. Click for larger version

Sign up to our free newsletter.
Security news, advice, and tips.

If you look carefully, you may spot that the spammers made a clumsy spelling mistake:

Password successfully changed
Your new Skype password has been set.

You can now view your attached call history and inscturtions how to change your account settings.
If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to make changes: Restore password
Talk soon,
The people at Skype

Perhaps surprisingly, the links really do point to the genuine Skype website at skype.com.

However, a file (Skype_Password_insctructions.zip) is attached to the email, and if you make the mistake of unzipping and executing its contents (Skype_Password_inscructions.pdf.exe) you run the risk of infecting your Windows computer.

The malware, which is detected by Sophos products as Troj/Backdr-HN, opens a backdoor onto your computer, giving remote hackers access to your system.

The danger is, of course, that users worried by the recent worm will be frightened that their Skype password has been changed without their consent, and open the attachment – and thus infect their PC.

As always, be on the lookout for unsolicited suspicious emails and always be wary of opening attachments which arrive out of the blue. In this case, the file is using the well-known “double extension trick” to dupe the unwary into believing that they might be clicking on a PDF rather than executable code.

Thanks to SophosLabs researcher Julie Yeates for her assistance with this article.

Lock image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.