Malware that’s designed to download additional threats onto infected computers is being distributed by cybercriminals with the aid of fake Skype emails.
The malicious notifications carry the subject line “Skype Missed voice message” and they read something like this:
You have received a voice mail message.
Message length is 00:01:18.”
According to Dynamoo’s Blog, a malicious executable is hidden inside an archive (Skype-message.zip) attached to the email. Once it infects a device, the malware starts communicating with a compromised server.
At the time of writing, most antiviruses are capable of identifying and mitigating the threat. However, since the cybercriminals behind this operation will likely launch a new variant of the malware, users are advised to avoid clicking on links or attachments contained in suspicious emails.
This is not the only type of fake Skype voicemail notification that’s being used to distribute malware. Back in November 2013, similar emails were making the rounds. However, at the time, instead of an attachment, users were instructed to click on a link.