
Skype hacked by CIA

  
    
    
The recent WikiLeaks release of CIA documents mentions a "Skype" hack for spying on users, under the section called "Fine Dining Tool Module Lists"[1]. Below is the relevant section.
    
  
Skype has been compromised and targeted by your friendly neighborhood CIA agent, as revealed in the latest WikiLeaks leak, code-named "Vault 7". This is not trivial, since Skype boasts that it has more than 300 million monthly active users[2] as of March 2016.
  
DLL Hijack Skype User, Video-Chat Operator uses Skype to chat or call while collection is occurring
For the uninitiated, the WikiLeaks "Vault 7" release lists a host of CIA exploits for common everyday free and paid applications. The "Fine Dining Tool Module Lists" section lists applications whose modules or libraries (dynamic-link libraries, or DLLs, which a program loads at run time) have been compromised and replaced. This is known as "DLL Hijack" in the document. A hijacked DLL enables practically anything to be done by the remote collectors: it can collect keystrokes, take screenshots, record the microphone, snoop on your mail and, in the dreaded scenario, give complete control over your computer using a remote administration tool (RAT)[3].
      
      
Tien Phan describes in detail how one possible Skype DLL Hijack works, quoted from https://packetstormsecurity.com/files/138873/skype-dllhijack.txt
  
    
  
Hi,

There is a DLL planting vuln in the Skype installer. This vuln had been reported to Microsoft but they decided not to fix this.

Here are the vulnerability details:
------
Skype installer in Windows is open to DLL hijacking.

Skype looks for a specific DLL by dynamically going through a set of predefined directories. One of the directories being scanned is the installation directory, and this is exactly what is abused in this vulnerability.

Reproduce Notes:
1. Download this dll https://mega.nz/#!b4ViSLJL!Pv99pN2d_WxsUHGPH0Ej3onwVeSdh41mpyKfQJfAq8E
2. Copy msi.dll to Downloads directory
3. Download skype installer
4. Execute the downloaded installer from your "Downloads" directory;
Observed behavior: message box ahyhya

Another dll can be used to hijack: dpapi.dll cryptui.dll
------

Regards,
Tien

--
Tien Phan
Blog : http://tienpp.blogspot.com
twitter : @_razybo_

Action: Don't run installers from your Downloads folder. Create a new folder and move the installer there. Then blow it away.
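A check that complements the action above, as an added example that is not part of the original post or the quoted advisory: it lists DLLs in a folder whose names match the ones the advisory mentions (msi.dll, dpapi.dll, cryptui.dll) or any other system DLL name, together with the executables sitting beside them. The function names, the SkypeSetup.exe file name and the sample folder contents are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path

# DLL names listed in the advisory quoted above.
ADVISORY_DLLS = {"msi.dll", "dpapi.dll", "cryptui.dll"}


def system_dll_names(system_dir=None):
    """Lower-cased names of DLLs in the Windows system directory.

    Returns an empty set when the directory does not exist (non-Windows host).
    """
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    root = Path(system_dir or default)
    if not root.is_dir():
        return set()
    return {p.name.lower() for p in root.iterdir() if p.suffix.lower() == ".dll"}


def find_shadowing_dlls(directory, extra_names=()):
    """Report DLLs in `directory` whose name matches a watched system DLL name.

    Returns a sorted list of (dll_name, executables_in_same_directory).
    A match is reported even when no executable is present yet, because the
    advisory's DLL is placed before the installer is downloaded.
    """
    watch = ADVISORY_DLLS | {n.lower() for n in extra_names}
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    exes = sorted(p.name for p in files if p.suffix.lower() == ".exe")
    return sorted((p.name, exes) for p in files if p.name.lower() in watch)


if __name__ == "__main__":
    # Constructed sample: empty files standing in for a Downloads folder.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("SkypeSetup.exe", "msi.dll", "holiday.jpg"):
            Path(tmp, name).touch()
        for dll, exes in find_shadowing_dlls(tmp, system_dll_names()):
            print(f"{dll} shadows a system DLL; executables beside it: {exes}")
```

Run it against the real Downloads folder before launching any installer from there; any hit is a file to investigate, since ordinary downloads rarely include a DLL named after a Windows system library.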

References

  1. ^ Fine Dining Tool Module Lists (wikileaks.org)
  2. ^ 300 million monthly active users (Satya Nadella has announced that Skype has more than 300 million monthly active users)
  3. ^ RAT (en.wikipedia.org)
Source: feedproxy.google.com