Localized Dorkbot malware variant spreading across Skype

Security researchers from Avast have intercepted a currently spreading Darkbot malware campaign, that's affecting millions of Skype users.

The malware spreads by messaging all of your contacts with a bogus "new profile picture message". It targets all the major Web browsers, and is also capable of distributing related malware such as Ransomware/LockScreen, as well as steal accounting data for major social networking services such as Facebook, Twitter, as well as related services such as GoDaddy, PayPal and Netflix.

What's particularly worth emphasizing on in regard to this malware variant, is that the messages used by the cybercriminals behind it have been localized to 31 different languages, with the malicious attackers relying on the GetLocaleInfo API function to ensure that they've properly geolocated the host.

Thanks to the rise of "cultural diversity on demand" services, literally each and every cybercriminal can embed professionally translated messages within their campaigns, potentially increasing the probability of having a potential victim click on these messages, and most importantly trust them, and their sender.

Users are advised to ensure that they're running the latest version of their third-party software, browser plugins, ensure that the URL they're about to click on hasn't already been flagged as malicious, and take advantage of application sandboxing techniques to avoid direct exploitation of their host.

Find out more about Dancho Danchev at his LinkedIn profile.