Several users have complained that ads shown in Microsoft’s Skype app are serving malicious downloads which, if opened, can trigger ransomware.
News of the issue came from a Reddit thread on Wednesday, in which the original poster said that Skype’s home screen — the first screen that shows up on consumer versions of the software — was pushing a fake, malicious ad, purporting to be a critical update for the Flash web plug-in.
According to the thread, the ad triggered a download of an HTML application, designed to look like a legitimate app. The app, when opened, would download a malicious payload, which locks the user’s computer and encrypts its files for ransom.
Many other users have also complained of similar issues with Skype’s in-app ads in the past few days, with at least two other people seeing the same “fake Flash” ad into Thursday.
Knowing it was malicious, the user didn’t run the app but instead deconstructed and posted the code…