Researchers recently spotted a malvertising campaign that used poisoned ads on Skype to redirect users to the Angler exploit kit.
Karmina Aquino, a security expert at F-Secure Labs, explains in a blog post how she and her colleagues came across something unusual while they were analyzing a malvertising campaign launched via the AppNexus ad platform (adnxs.com)
“One of the platforms for infection that we observed was Skype. It was interesting to note that having the ad displayed in a platform external to the browser did not mean that the browser was no longer accessible and thus the user could no longer be affected.”
Further analysis revealed that the campaign leveraged ads posted on a number of other websites, including shopping sites (ebay.it), gaming forums (wowhead.com, gsn.com, zam.com, wikia.com), news sites (dailymail.co.uk), and online internet portals such as msn.com, to redirect users to a landing page for the Angler exploit kit.
In this particular campaign, Angler downloaded and infected each user with TeslaCrypt ransomware.
Karmina writes that the malvertising campaign ended soon after she and her fellow researchers detected it. But we would be remiss to think that we have seen the last of Skype-based malvertising attacks.
Indeed, the video chat technology, which uses a non-browser application to displays ads to users, has been leveraged by attackers to disseminate malicious ads for three years in a row.
Back in early 2014, a user posted to Bleeping Computer how researching a particular pop-up ad in Skype via Google Search revealed that the popular video chat software’s ad service had been compromised.
Approximately one year later, Skype users were exposed to a series of malicious ads that masqueraded as fake Adobe Flash, Java, and QuickTime updates.
This latest campaign clearly demonstrates that platforms that display ads, even when they are not the browser, are not immune from malvertising.
With that in mind, it would be a good idea to install an ad-blocker to protect against those pesky browser-based apps. Installing an anti-virus solution will provide added protection if attackers decide to migrate their ads to non-browser applications.
In either scenario, it is best that you refrain from clicking on an ad, as you have no idea where it might take you.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.