Malware Targets Skype Users, Records Conversations (softpedia.com)

← Back to Stories (view on slashdot.org)

Malware Targets Skype Users, Records Conversations (softpedia.com)

Posted by timothy on Sunday February 7, 2016 @01:42PM from the nosey-little-devils dept.

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.

49 comments

Min score:

Reason:

Sort:

no need for malware by Anonymous Coward · 2016-02-07 13:53 · Score: 5, Informative

It can already spy on you out of the box.
On 10 November 2014, Skype scored 1 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. Skype received a point for encryption during transit but lost points because communications are not encrypted with a key the provider doesn't have access to (i.e. the communications are not end-to-end encrypted)
Chinese, Russian and United States law enforcement agencies have the ability to eavesdrop on Skype conversations, as well as have access to Skype users geographic locations. This ability was deliberately added by Microsoft after they purchased Skype in 2011.
TL;DR = Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.
1. Re:no need for malware by sims+2 · 2016-02-07 14:07 · Score: 0
  
  Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?
  Just to note I haven't used Skype since 2007. So maybe it has a trade state secret function now but when I used it all it could do was make voice and video calls also sms for a extra fee. But that's been almost 10 years ago now.
  As for why I haven't used it since 2007? My cell phone has unlimited nationwide calling/sms/mms.
  
  --
  Minimum threshold fixed. Thanks!
2. Re:no need for malware by Anonymous Coward · 2016-02-07 14:19 · Score: 1
  
  People do sexytime over Skype, my wife and I use it that way sometimes when I'm on the road. So yeah, probably blackmail purposes. Intercept a Senator or a big CEO and his wife (or even better? his boyfriend) and now you have some power.
  You're not missing anything not using Skype, but these days it's almost all free domestically, and good high quality video chat. Of course the tradeoff is NSA is tapped directly in and recording every second.
3. Re:no need for malware by Anonymous Coward · 2016-02-07 14:24 · Score: 0
  
  Well this Swiss stock broker is dumb enough to still use Skype! See the "Call us on Skype" link at the bottom!
  https://www.strateo.ch/
  Imagine all the password resets, all the stock tips, all the advance information on stock buys available to anyone who can intercept those. That is even before we get into identity fraud and more general market advance knowledge.
  I too stopped using Skype, post Snowden. I think Microsoft quote hundreds of millions of accounts, but I don't know how active those are, it's not something that's trusted for communications now.
4. Re:no need for malware by Ol+Olsoc · 2016-02-07 14:26 · Score: 3, Interesting
  
  Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.
  Skype is a security danger even if you don't have it running. You have to uninstall it.
  Possibly one of those cases when if you put a backdoor in "for the good guys", the bad guys will discover it and use it, in the end, decreasing security. Get rid of it, because even if you have nothing to hide, you're just opening your computer up to the world.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
5. Re:no need for malware by Anonymous Coward · 2016-02-07 14:29 · Score: 2, Insightful
  
  Skype is a standard tool that is upwards of 10% of 2 way streaming. A lot of interesting people use it. Hacking those people is money in the bank. You need a better question.
6. Re:no need for malware by Ol+Olsoc · 2016-02-07 14:33 · Score: 1
  
  Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?
  Read AC's links On Linux, the backdoors give access to all your passwords, and on everything will access your address book even when you tell it not to - shades of Windows 10 telemetry. Now imagine when coupled with some service like Linkedin, where you give them your email passwords so Linkedin can harvest your address book. Fun fun for everyone.
  You put a backdoor in software for the good guys, it's only a matter of time until the bad guys have it as well.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
7. Re:no need for malware by Antique+Geekmeister · 2016-02-07 15:08 · Score: 4, Informative
  
  It is also more effective on smart phones, tablets, and on multiple operating systems than most other voice tools. It's used regularly for business planning meetings when a telephone call is notably more expensive, especially for international teleconferences, and it's used for remote conferencing when a landline or cell reception does not work well. I've found it very effective noisy rooms, with a good pair of headphones and careful use of the "mute" button.
8. Re:no need for malware by Anonymous Coward · 2016-02-07 20:05 · Score: 1
  
  Yes, why would anyone care? Microsoft, the NSA and GCHQ already records it all anyway.
9. Re:no need for malware by wonkey_monkey · 2016-02-07 21:19 · Score: 1
  
  Why would anyone even care about your Skype conversations?
  Just because your Skype conversations are inane and intrinsically worthless, doesn't mean everyone else's are.
  
  --
  systemd is Roko's Basilisk.
10. Re:no need for malware by Anonymous Coward · 2016-02-07 21:23 · Score: 0
  
  > You put a backdoor in software for the good guys, it's only a matter of time until the bad guys have it as well.
  Plus: whatever "good guys" is. Your "good guys"? My "good guys"? Bachar AL Assad's "good guys"? Putin's "good guys"? Marine LePen's "good guys" (once she's in power, dystopia 2024)? Viktor Orban's "good guys"? Kim Jong Un's... bah. You get the idea.
11. Re:no need for malware by GNious · 2016-02-07 23:02 · Score: 1
  
  In my previous job, I refused to accept anyone joining my conf-calls using Skype - the audio quality was horrendous, and when you're conferencing in people from around the globe, with lots of different accents and differing levels of English, you need every bit of clarity you can get.
  In the current job, we're allowing Skype, but the one time we ended up using it, we still had to give up due to dropouts and general quality.
12. Re:no need for malware by Anonymous Coward · 2016-02-07 23:23 · Score: 0
  
  not everyone lives under a rock though...
  I'm a researcher. I travel a lot and use skype to talk to family and colleagues back home. I collaborate also with Chinese researchers.
  When I skype from Shanghai with a colleague in Europe, I may want to talk about different projects, but if the Chinese are actively listening in, it may be better not to do this. What I discuss are not state secrets, and its not even very important research, but still, it could be worth something to the right people.
  I would rather keep my discussions private, as they were intended, and as they should be.
13. Re:no need for malware by LaurenCates · 2016-02-08 00:27 · Score: 1
  
  Depends on how valuable you are, and, if you're a high-level muckety-muck that feels inconvenienced by security regulations, well, you might just forego going secure because it's too much trouble (you think Hillary Clinton is the only high-level muckety-muck that's skirted security regulations for reasons that suited them?).
  
  --
  Some people don't believe in fairies. I don't believe in The Patriarchy.
14. Re:no need for malware by Anonymous Coward · 2016-02-08 01:46 · Score: 0
  
  In my previous job, I refused to accept anyone joining my conf-calls using Skype - the audio quality was horrendous, and when you're conferencing in people from around the globe, with lots of different accents and differing levels of English, you need every bit of clarity you can get.
  In the current job, we're allowing Skype, but the one time we ended up using it, we still had to give up due to dropouts and general quality.
  Hmm.. not my experience but I would be very interested in knowing what the alternative that worked so much better is?
15. Re:no need for malware by The-Ixian · 2016-02-08 05:10 · Score: 1
  
  I know that this is anecdotal but I have never had an issue with Skype. As a matter of fact, it works better than every other VoIP product I have tried.
  I just wish they would separate out the chat component into a stand-alone product though... I hate having a Skype chat with someone and then find 100 unread messages on my phone...
  
  --
  My eyes reflect the stars and a smile lights up my face.
16. Re:no need for malware by KGIII · 2016-02-08 06:56 · Score: 1
  
  I don't really use all the features but I'm told they're all pretty good. I only use it to communicate with a few people. What is it? uTox or, in my case, qTox.
  http://utox.org/
  I guess it does what Skype does (whatever that is - it was "famous" for being able to get around firewalls last time I paid attention to it) but it's really encrypted.
  
  --
  "So long and thanks for all the fish."
17. Re:no need for malware by Anonymous Coward · 2016-02-08 07:07 · Score: 0
  
  Skype is a virus! So now viruses can be targeted by malware!?
18. Re:no need for malware by Ol+Olsoc · 2016-02-08 09:13 · Score: 1
  
  Plus: whatever "good guys" is. Your "good guys"? My "good guys"? Bachar AL Assad's "good guys"? Putin's "good guys"?
  For certain. And seeing the gaping back doors in Skype, I would never allow it on any machine except one that has nothing else on it. No email, no passwords, no credit card purchases. Skype is that much of a threat to the user. Kind of like what I did with a Windows 10 computer. I set it up to learn about W10, but decided to keep it separate from everything else. The entire Windows ecosystem wants to know everything about you, and the door is wide open.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
19. Re: no need for malware by Anonymous Coward · 2016-02-08 09:33 · Score: 0
  
  Google Hangouts is fantastic, you can conference up to 25 people and great audio and video quality.
20. Re: no need for malware by Anonymous Coward · 2016-02-08 09:35 · Score: 0
  
  Google Hangouts has fantastic audio and video quality
21. Re: no need for malware by Anonymous Coward · 2016-02-08 09:40 · Score: 0
  
  My new firm insisted on using Skype, and they are a security analyst firm! I pulled out my old account and grudgingly started using it again, voicing my concerns.
  As few weeks later, Skype wasnâ(TM)t logged in or running, all my Skype contacts, including work contacts, start getting malware-ridden spam links coming from me. As I security researcher, it was just embarrassing. I was livid, had MS permanently delete my account and vowed to never use it again.
22. Re: no need for malware by Ol+Olsoc · 2016-02-08 10:07 · Score: 1
  
  As few weeks later, Skype wasnâ(TM)t logged in or running, all my Skype contacts, including work contacts, start getting malware-ridden spam links coming from me..
  Ugh! I've heard that Skype accesses your email recipients - even if you tell it not to So there's the proof that it does, and that not only Microsoft and law enforcement have the keys to the kingdom now.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
23. Re: no need for malware by Anonymous Coward · 2016-02-08 10:13 · Score: 0
  
  Google Hangouts is fantastic, you can conference up to 25 people and great audio and video quality.
  ok, difficult to judge from anecdotal experience of course, but I've had far more problem with Hangout connection quality (including connecting at all through various firewalls/corporate network rules you don't control) than with Skype for various global video-meetings (mostly EuropeAsia).
No it was added *prior* to Microsoft by Anonymous Coward · 2016-02-07 14:19 · Score: 1

Nah, the PRISM additions were just *before* the purchase.
I bet *adding* it was what made Skype worth so much to Microsoft. Imagine all that hidden money they receive for intercepting voice and messaging calls from three and four letter agencies. No competition, since you're not competing for visible revenue.
Ka-chink!
Re:This is why I own a Mac by Anonymous Coward · 2016-02-07 14:31 · Score: 0

That is probably true RIGHT NOW but not for any reason you can point to with any future-looking prediction certainty.
Re:This is why I own a Mac by Anonymous Coward · 2016-02-07 14:34 · Score: 0

Oh yikes a post on /. speaking positive of an Apple product, MAYDAY MAYDAY.. MOD DOWN!! MOD DOWN!!!
Must be a Windows feature... by Anonymous Coward · 2016-02-07 14:39 · Score: 0

Come and get a free virus, anti-virus software not needed.
Chinks by Anonymous Coward · 2016-02-07 14:49 · Score: 0

Good for nothings that you can't trust.
Skype trojan silently installs on machines .. by tetraverse · 2016-02-07 14:58 · Score: 0

Microsoft Windows strikes again ..
1. Re:Skype trojan silently installs on machines .. by Anonymous Coward · 2016-02-07 15:38 · Score: 2, Informative
  
  It uses old CVEs from 2012 and Feb-2015 to install so clearly the organizations they're targeting aren't keeping up to date on their patches.
2. Re:Skype trojan silently installs on machines .. by Anonymous Coward · 2016-02-07 16:12 · Score: 0
  
  look it at this amazing thing. its a computer. it will let you store, analyze and communicate your information. by communicate i mean everywhere
  there are humans. and by information i mean text, pictures, movies, audio, scientific data, business records - basically anything you can imagine.
  sounds amazing, really fantastic, where do i get started.
  just get this thing, it will cost you about housing for a month or less.
  oh, this is amazing, i can't imagine how i lived without it. whole vistas of...umm, it keeps asking me if i want my penis bigger.
  oh, shit, it just threw away my last months work. it says it needs an update, and...no, no it won't start again.
  damn you, damn you all
Bullshit by Anonymous Coward · 2016-02-07 15:41 · Score: 0

It's totally unusable on Android, the video locks up regularly, it can just about do audio, but then a lot of messaging clients do that better.
1. Re:Bullshit by Zontar+The+Mindless · 2016-02-08 00:16 · Score: 1
  
  Has always worked pretty well for me on a number of Android devices (as well as Linux desktops, and Windows, too, back in the day). Could be the quality of your hardware and/or connection.
  
  --
  Il n'y a pas de Planet B.
Installation by PNutts · 2016-02-07 16:10 · Score: 1, Troll

Considering what it takes to get Skype for Business up and running it's ironic that the malware is described as having a complicated installation procedure.
wow... by ushere · 2016-02-07 17:43 · Score: 0

i bet my wife's conversation with our daughter must be riveting... really, if you're worried about security DON'T use the net.
Re:Skype calls are already recorded... by Anonymous Coward · 2016-02-07 18:42 · Score: 0

Pretty much sums up my feeling about it too.
"Oh look! look! The evil Chinese hackers are hacking! That totally justifies us doing everything we claim is evil! At least we don't have a red flag!"
Re:This is why I own a Mac by Anonymous Coward · 2016-02-07 21:59 · Score: 0

> From cryptolockers to this and all the hundreds before them. Windows is simply not secure as a Mac ...as far as you know, that is. Or have you access to the secret sauce?
Why back doors for Govt are a bad idea by sasparillascott · 2016-02-08 01:17 · Score: 2

This is what happens when you have an "encrypted" system with a built in backdoor for the government - and this is why that is a bad idea.

http://www.theguardian.com/wor...
What a hilarious warning by Anonymous Coward · 2016-02-08 01:29 · Score: 0

considering that Skype already fits the definition of spy-ware. If you use Skype, who you talk to and what you talk about, will be known to Microsoft and thus the U.S government.
Windows only? by mspohr · 2016-02-08 05:08 · Score: 1

It's not clear from the article, but the "complicated installation procedure" makes reference to a bunch of Windows anti-virus software and shows how it goes from RTF to EXE to DLLs which would seem to imply that this is Windows only (as usual).
Anybody know?

--
I don't read your sig. Why are you reading mine?
making conversation via skype by Anonymous Coward · 2016-02-10 15:38 · Score: 0

I heard this before, fortunately and some groups that learning chinese always making conversation with chinese friend over skype under Preply http://preply.com/en/chinese-by-skype and things just go fine.