This post provides the ins and outs of a malware distribution campaign that has been going on for years. What makes it so prolific is the fact that it involves the immensely popular Skype application along with the legitimate goo.gl URL shortening service. This combo happens to facilitate the distribution of various malware strains on a large scale.
What is the Skype goo.gl virus?
To clear up any misconception from the get-go, note that the Skype goo.gl virus isn’t really an infection that resides on a specific computer, at least not until the user unknowingly takes some action. Instead, it is the phrase that targeted computer users commonly use to refer to spam messages received via Skype chat. So, what is goo.gl and is it a malicious entity? No, it’s not harmful whatsoever. It is a reputable service that shortens uniform resource locator values, or in plain words, website addresses. People can simply go to that domain, enter the URL of any site and get a short link for it. While convenient, this mechanism plays into threat actors’ hands. Here’s why.
Since the goo.gl feature is available to anyone and has anonymity at its core, cybercriminals use it to obfuscate links that lead to malware downloads. Users do not see the full URL and run the risk of clicking on the booby-trapped hyperlink out of curiosity. Communication tools like Skype and social media make a perfect environment for exploiting Google URL Shortener to crooks’ advantage. What happens is that the malefactors set up an automated bot that sends out messages with goo.gl links to numerous Skype users. To evoke additional interest, the messages may include some catchy text like “Hey, is this your new profile picture?” or similar. Neither the messenger’s built-in defenses nor antimalware solutions will raise red flags on these incoming items, because the URLs look legitimate on the outside.
The toxic links, however, point to a file sharing service that typically hosts a ZIP or RAR archive. Inside that archive lurks a malicious executable file. It can be a binary for file-encrypting ransomware that takes one’s personal data hostage and demands cryptocurrency for decryption. There have also been reports about the spammers spreading banking Trojans, browser hijackers, adware and spyware this way. None of these, obviously, belong on a healthy machine, so the Skype goo.gl virus proliferation wave is quite a dangerous phenomenon that requires extra prudence on users’ end, with hardly any other proactive countermeasures available. Recipients of such messages are most likely good to go unless they have clicked on those links and thereby triggered the infection chain. If that’s the case, a thorough malware checkup procedure on the target PC is strongly recommended.
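As an added example (not part of the original article), the Python code below triages a chat message the way a defender could: it extracts goo.gl links, reads the redirect target from the shortener's response without downloading the destination, and flags targets that end in .zip or .rar. The function names, the sample message and the example.invalid destination are constructed for illustration.

```python
import http.client
import re
from urllib.parse import urlparse

SHORTENER_HOSTS = {"goo.gl"}       # the shortener this article discusses
ARCHIVE_EXTS = (".zip", ".rar")    # archive types the article says carry the payload
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def expand_once(url, timeout=5):
    """Return the Location header of a short link; the destination is never fetched."""
    parts = urlparse(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")   # HEAD: headers only, no body
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def triage(message, resolver=expand_once):
    """List every shortener link in a message with its real destination."""
    findings = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,!?)")                 # drop trailing punctuation
        host = (urlparse(url).hostname or "").lower()
        if host not in SHORTENER_HOSTS:
            continue                              # not a shortened link
        dest = resolver(url)                      # None if it does not redirect
        path = urlparse(dest).path.lower() if dest else ""
        findings.append({"short": url, "dest": dest,
                         "archive": path.endswith(ARCHIVE_EXTS)})
    return findings


if __name__ == "__main__":
    # Constructed sample: a lookup table stands in for the network resolver.
    fake = {"https://goo.gl/EXAMPLE1": "https://files.example.invalid/s/photo.zip"}
    msg = "Hey, is this your new profile picture? https://goo.gl/EXAMPLE1"
    for finding in triage(msg, resolver=fake.get):
        print(finding)
```

Passing a lookup table as `resolver` keeps the check offline; with the default resolver only a single HEAD request is sent to the shortener itself.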
Verify whether Skype goo.gl adware has been completely removed
For certainty’s sake, it’s advised to repeatedly run a scan with the automatic security software to make sure no harmful remnants of the malicious file are left inside the Windows Registry and other operating system locations.