If you support us through Liberapay, please see this important post.
You can sign up to get a daily email of our articles, see the Mailing List page!
Support us on Patreon to keep GamingOnLinux alive. This ensures we have no timed articles and no paywalls. Just good, fresh content! Alternatively, you can donate through Paypal!
"goo.gl" virus on skype - how does it send the messages?
Guppy commented on 2 July 2018 at 6:48 am UTC

So yesterday a friend writes to to ask about a link I've sendt on skype ( which I haven't used for 3-4 years, except to make video call to my sons when I'm away ).

Now the strange thing is I've skype installed on only on my LDMDE box at work ( which was off ) and on my phone.

All guides I've found online suggest that it's a trojan on window and offers paid software to remove it.

So I'm left with three possible vectors for the messages;

  • My android phone is hacked
  • My skype accounts password has been stolen
  • Skype has once again had a protocol vulnerability that allows random people to send messages to your contacts

#3 would've made the headlines I think.
#2 they would have changed password and/or abused my credit cards.

So it's quite possible nr 1 - but how the f... do I check that?
I only ever install apps from the playstore but then there are a number of remote code execution vulnerabilities on android so..

Guppy commented on 2 July 2018 at 7:33 am UTC

Installed Bit defender and Malware bytes on the phone - both gave the all clear, added two step auth on my microsoft acc. which I certain to regret soon enough

kaiman commented on 3 July 2018 at 8:42 pm UTC

I've been getting two of those in the last week, coming from my wife's Skype account. Only, she hasn't used that account for years, and I don't think it's even active on any of our devices any more. Perhaps the accounts sending these messages have been hijacked?

Guppy commented on 4 July 2018 at 7:12 am UTC

kaimanI've been getting two of those in the last week, coming from my wife's Skype account. Only, she hasn't used that account for years, and I don't think it's even active on any of our devices any more. Perhaps the accounts sending these messages have been hijacked?

The official stance from microsoft is that 3rd party have obtained the email/password because you've used it on other sites aswell.

Now granted my email is found in a few leaks as confirmed by https://haveibeenpwned.com;

adobe
gpotato
Unreal engine
antipublic ( dupes of the above )
Exploit.In ( same )

As all of the above leaks have been made accessible via torrents I know for a fact that none of them used the same password as I use for my microsoft account.

It's of course possible that they cracked the password through other means, but I would think they would have been more creative with the possibilities - especially given that there was potential for creditcard fraud.

Even so I've added 2-step auth that way if/when it happens again at least I have proof that they are wrong

If you wife does not use her account you should delete it and/or add 2-step

razing32 commented on 5 July 2018 at 8:43 pm UTC

Would be curios how they got in , in the first place.
Do you mind me asking what service was the email on ?

g000h commented on 5 July 2018 at 10:15 pm UTC

It's probably worth thinking outside the box - For instance, maybe the hacking is on your router, and that is the attack vector instead.

Guppy commented on 11 July 2018 at 9:19 am UTC

Aaand it happened again - this time atleast I discovered it rather fast because the translated replied that I needed to add more people to the converstation

So it seems that two factor auth is not a solution here

Guppy commented on 11 July 2018 at 10:58 am UTC

Spendt way to long talking to MS support -.-'

Aparently even though I sign into my skype account using the same email and password as my microsoft/live/xbox account they are in no way linked* - you need to create a NEW microsoft account and link you skype account to it and enable 2FA for that.

Due to spam you need to Register and Login to comment.


Or login with...

Livestreams & Videos
Community Livestreams
See more!
Popular this week
View by Category
Contact
Latest Comments
Latest Forum Posts