The shady files have a .exe extension instead of .rmskin
deviantART users should be on the lookout if they want to download Rainmeter skins, since security experts noticed that some of them actually hide dangerous pieces of malware.Chris Boyd of GFI Labs has found a number of instances in which the regular .rmskin files are replaced with malicious executable files.
A large variety of shady skins, including Mass Effect, Chuck Norris and Iron Man, wait for unsuspecting customers to download them. However, there are certain clues that give away the true identity of such malevolent elements.
First, as we’ve mentioned before, they’re .exe files. This is a clear indicator that something is fishy.
Users who post the fake skins have disabled comments to ensure that other potential victims cannot be warned.
Recently registered accounts with few uploads, some of which possibly taken from other members, also hint to a threat.