We’ve seen numerous reports from security solutions firm regarding the campaigns that target Syrians. Trend Micro experts provide another example of a malicious plot, this time leveraging a so-called Skype Encription application.
Advertised as a product made by IT Security Lab to encrypt communications, in reality, Skype Encription
hides the DarkComet RAT that’s been used in other similar schemes.
After analyzing the shady application, experts found that it may have been developed by SyRiAnHaCkErS
So how does the plot work?
First, users are presented with the site from which Skype Encription
can be downloaded. Once it finds itself on a computer, Skype Encription v 2.1.exe
, identified as BKDR_METEO.HVN,
connects to a server from which it downloads skype.exe
, which is actually a backdoor called BKDR_ZAPCHAST.HVN.
This backdoor is the Remote Access Trojan known as DarkComet, which can allow the masterminds of the operation to take full control of the infected system.
Two important things must be mentioned. The shady Skype Encription
program is not only a piece of malware, but it doesn’t offer any of the features it promises. Experts found that it does not encrypt communication in any way.
Furthermore, Skype uses AES encryption on audio, video and text communications, which means that users shouldn’t worry about encrypting messages with third party apps.
It’s clear that Syrians continue to be targeted and these threats will become more vicious. That is why Syrians, or anyone interested in particular pieces of software, should be wary before rushing to install programs.
Many applications, especially those that purport to come from the websites of important security solutions providers, are often found to hide malicious elements. That is why, the best thing users can do is download software only from the vendor itself or from trusted websites.