Security

Skype Trojan poses as the real McCoy to steal your password

A new password-stealing Trojan that targets Skype is on the loose. It poses as a security plug-in for the popular VoIP service but instead presents its own log-in screen to steal your user name and password.

A new password-stealing Trojan that targets Skype has been spotted in the wild. It poses as a security plug-in for the popular VoIP service but instead presents its own log-in screen to steal your user name and password.

The Trojan calls itself "Skype-Defender," and other than attempting to steal your Skype user name and password, it also swipes clean all user names and passwords saved in Internet Explorer.

According to eWeek:

The malware isn't spreading by itself. Rather, its author is posting it on "dodgy" sites or forums and relying on users to be tricked into executing it. After execution, the Trojan disables running instances of Skype and swaps in its fake Skype log-in window. If the victim enters a user name and password, the malware captures them and any others saved in IE and posts the information via HTTP to a Web site for the malware author to retrieve.

One way to distinguish the Trojan is that none of the hyperlinks work on the fake log-in screen. Also, the Trojan has a sign-in button with a metallic gray border, whereas Skype's log-in button has a red border.

Do you use any third-party Skype plug-ins?

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

2 comments
al
al

How Can i check if i have ever had this trojan installed? Thanks for bringing tis to our attention

paulmah
paulmah

Do you use any third-party Skype plug-ins?