Skype users are being targeted by a worm that downloads malware to their PCs, and may even demand money to regain use of their machines.
The malware Trojan allows hackers to take control of infected computers and use them as part of botnets, but security researchers have warned that the Trojan can also download "ransomware" to infected PCs.
Affected users risk being locked out of their computers, and forced to hand over money in order to regain access to their data.
The Skype worm spreads by convincing users to click on messages with a link to the malware. The link usually refers to a user's new profile picture, with text such as "lol is this your new profile pic?".
According to security researchers at security vendor Sophos, the link then downloads a zip file, which contains a Trojan. The Trojan allows hackers to control the infected PC remotely over HTTP. The malware, according to Sophos' Graham Cluley, is a version of the Dorkbot worm.
The worm has been spreading for some time via other social networks including Twitter and Facebook, and could also spread via USB sticks, Cluley warned. But Skype users might be less wary of clicking on links than users of services such as Facebook, he suggested.
"We are aware of this malicious activity and are working quickly to mitigate its impact," the company said in a statement. "We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links - even when from your contacts - that look strange or are unexpected is not advisable." Skype has also issued more detailed security advice to its users.
So far, only Windows PC users appear to have been targeted by the attack.
-
2026 in IoT attacks: the biggest threats so far and what businesses can doIn-depth Internet of Things devices are more useful than ever – but security is still playing catch-up
-
Anthropic is increasing Claude Code usage limits — here’s everything you need to knowNews The new deal will help Anthropic increase Claude Code usage limits, and API rate limits for Claude Opus models
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
North Korean hackers are duping freelance developers with fake interviews to steal cryptocurrency and deliver malware — Sophos warns the 'Nickel Alley' group is using LinkedIn, Upwork, and Fiverr to target victimsNews A fake interview process uses coding tests and repo downloads to deliver malware
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recoveryNews Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks
News Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
