Skype users have been targeted in a wave of fake Adobe Flash in-app adverts that, when activated, deliver ransomware payloads to Microsoft Windows-based PCs.
The attacks would be the latest in a series of attacks that compromise advertising networks in order to deliver malware to end users.
The complaints have been aired on social media networking website Reddit. The users suggest that the adverts were pushed via adverts in Skype's ad-supported app, rather than via the Skype website, which users can also log-in to in order to use the communications app.
It is believed that the attack was intended to propagate the Locky ransomware, given the way in which the payload is downloaded. The gang behind Locky regularly register and deregister domains in a bid to stay ahead of security researchers and to avoid detection and, potentially, identification.
In a statement, Microsoft urged users to exercise caution: "We're aware of a social engineering technique that could be used to direct some customers to a malicious website. We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update anti-virus software."
Locky is one of the most widely propagated forms of ransomware. In a campaign last autumn, the attackers sought to spread the malware via email phishing campaigns using malicious Windows Script File (WSF) attachments.
WSF files are designed to allow a mix of scripting languages in a single file, and are opened and run by the Windows Script Host. Files with the WSF extension are not automatically blocked by some email clients and can be launched like an executable file, hence their popularity with the propagators of malware.
Join V3's sister site Computing in London on 4 May for the Cyber Security Strategy Briefing 2017 for the Financial Sector.
Speakers include Adam Koleda, IT director of insurance firm BPL Global; Peter Agathangelou, associate director of Hamilton Fraser Insurance; and, Dr Kuan Hon, consultant lawyer at law firm Pinsent Masons.
Attendance is free to qualifying IT professionals and IT leaders - register now!
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons
The One X is already sold out at several retailers