Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Targets Skype Users, Records Conversations (softpedia.com)

Posted by timothy on from the nosey-little-devils dept.

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.

20 of 49 comments (clear)

  1. no need for malware by Anonymous Coward · · Score: 5, Informative

    It can already spy on you out of the box.

    On 10 November 2014, Skype scored 1 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. Skype received a point for encryption during transit but lost points because communications are not encrypted with a key the provider doesn't have access to (i.e. the communications are not end-to-end encrypted)

    Chinese, Russian and United States law enforcement agencies have the ability to eavesdrop on Skype conversations, as well as have access to Skype users geographic locations. This ability was deliberately added by Microsoft after they purchased Skype in 2011.

    TL;DR = Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.

    1. Re:no need for malware by Anonymous Coward · · Score: 1

      People do sexytime over Skype, my wife and I use it that way sometimes when I'm on the road. So yeah, probably blackmail purposes. Intercept a Senator or a big CEO and his wife (or even better? his boyfriend) and now you have some power.

      You're not missing anything not using Skype, but these days it's almost all free domestically, and good high quality video chat. Of course the tradeoff is NSA is tapped directly in and recording every second.

    2. Re:no need for malware by Ol+Olsoc · · Score: 3, Interesting

      Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.

      Skype is a security danger even if you don't have it running. You have to uninstall it.

      Possibly one of those cases when if you put a backdoor in "for the good guys", the bad guys will discover it and use it, in the end, decreasing security. Get rid of it, because even if you have nothing to hide, you're just opening your computer up to the world.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:no need for malware by Anonymous Coward · · Score: 2, Insightful

      Skype is a standard tool that is upwards of 10% of 2 way streaming. A lot of interesting people use it. Hacking those people is money in the bank. You need a better question.

    4. Re:no need for malware by Ol+Olsoc · · Score: 1

      Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?

      Read AC's links On Linux, the backdoors give access to all your passwords, and on everything will access your address book even when you tell it not to - shades of Windows 10 telemetry. Now imagine when coupled with some service like Linkedin, where you give them your email passwords so Linkedin can harvest your address book. Fun fun for everyone.

      You put a backdoor in software for the good guys, it's only a matter of time until the bad guys have it as well.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    5. Re:no need for malware by Antique+Geekmeister · · Score: 4, Informative

      It is also more effective on smart phones, tablets, and on multiple operating systems than most other voice tools. It's used regularly for business planning meetings when a telephone call is notably more expensive, especially for international teleconferences, and it's used for remote conferencing when a landline or cell reception does not work well. I've found it very effective noisy rooms, with a good pair of headphones and careful use of the "mute" button.

    6. Re:no need for malware by Anonymous Coward · · Score: 1

      Yes, why would anyone care? Microsoft, the NSA and GCHQ already records it all anyway.

    7. Re:no need for malware by wonkey_monkey · · Score: 1

      Why would anyone even care about your Skype conversations?

      Just because your Skype conversations are inane and intrinsically worthless, doesn't mean everyone else's are.

      --
      systemd is Roko's Basilisk.
    8. Re:no need for malware by GNious · · Score: 1

      In my previous job, I refused to accept anyone joining my conf-calls using Skype - the audio quality was horrendous, and when you're conferencing in people from around the globe, with lots of different accents and differing levels of English, you need every bit of clarity you can get.

      In the current job, we're allowing Skype, but the one time we ended up using it, we still had to give up due to dropouts and general quality.

    9. Re:no need for malware by LaurenCates · · Score: 1

      Depends on how valuable you are, and, if you're a high-level muckety-muck that feels inconvenienced by security regulations, well, you might just forego going secure because it's too much trouble (you think Hillary Clinton is the only high-level muckety-muck that's skirted security regulations for reasons that suited them?).

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
    10. Re:no need for malware by The-Ixian · · Score: 1

      I know that this is anecdotal but I have never had an issue with Skype. As a matter of fact, it works better than every other VoIP product I have tried.

      I just wish they would separate out the chat component into a stand-alone product though... I hate having a Skype chat with someone and then find 100 unread messages on my phone...

      --
      My eyes reflect the stars and a smile lights up my face.
    11. Re:no need for malware by KGIII · · Score: 1

      I don't really use all the features but I'm told they're all pretty good. I only use it to communicate with a few people. What is it? uTox or, in my case, qTox.

      http://utox.org/

      I guess it does what Skype does (whatever that is - it was "famous" for being able to get around firewalls last time I paid attention to it) but it's really encrypted.

      --
      "So long and thanks for all the fish."
    12. Re:no need for malware by Ol+Olsoc · · Score: 1

      Plus: whatever "good guys" is. Your "good guys"? My "good guys"? Bachar AL Assad's "good guys"? Putin's "good guys"?

      For certain. And seeing the gaping back doors in Skype, I would never allow it on any machine except one that has nothing else on it. No email, no passwords, no credit card purchases. Skype is that much of a threat to the user. Kind of like what I did with a Windows 10 computer. I set it up to learn about W10, but decided to keep it separate from everything else. The entire Windows ecosystem wants to know everything about you, and the door is wide open.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    13. Re: no need for malware by Ol+Olsoc · · Score: 1

      As few weeks later, Skype wasnâ(TM)t logged in or running, all my Skype contacts, including work contacts, start getting malware-ridden spam links coming from me..

      Ugh! I've heard that Skype accesses your email recipients - even if you tell it not to So there's the proof that it does, and that not only Microsoft and law enforcement have the keys to the kingdom now.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. No it was added *prior* to Microsoft by Anonymous Coward · · Score: 1

    Nah, the PRISM additions were just *before* the purchase.

    I bet *adding* it was what made Skype worth so much to Microsoft. Imagine all that hidden money they receive for intercepting voice and messaging calls from three and four letter agencies. No competition, since you're not competing for visible revenue.

    Ka-chink!

  3. Re:Skype trojan silently installs on machines .. by Anonymous Coward · · Score: 2, Informative

    It uses old CVEs from 2012 and Feb-2015 to install so clearly the organizations they're targeting aren't keeping up to date on their patches.

  4. Installation by PNutts · · Score: 1, Troll

    Considering what it takes to get Skype for Business up and running it's ironic that the malware is described as having a complicated installation procedure.

  5. Re:Bullshit by Zontar+The+Mindless · · Score: 1

    Has always worked pretty well for me on a number of Android devices (as well as Linux desktops, and Windows, too, back in the day). Could be the quality of your hardware and/or connection.

    --
    Il n'y a pas de Planet B.
  6. Why back doors for Govt are a bad idea by sasparillascott · · Score: 2

    This is what happens when you have an "encrypted" system with a built in backdoor for the government - and this is why that is a bad idea.

    http://www.theguardian.com/wor...

  7. Windows only? by mspohr · · Score: 1

    It's not clear from the article, but the "complicated installation procedure" makes reference to a bunch of Windows anti-virus software and shows how it goes from RTF to EXE to DLLs which would seem to imply that this is Windows only (as usual).
    Anybody know?

    --
    I don't read your sig. Why are you reading mine?