Skype is sounding the security alert, and users should take note before using the Internet calling service.
A Trojan horse disguised as Skype Defender, a security plug-in, is making the rounds, according to a Skype security blog.
The malicious software, which affects Windows users, steals Skype log-on and password information once the program is executed. Similar log-in credential information saved in Internet Explorer is also gleaned by the Trojan horse.
If a user installs the bogus security plug-in, a malicious "Skype Defender" confirmation window pops up and asks the user to log into his or her Skype account. After typing in the sensitive information, the user is notified that the relevant name and password were not recognized.
Users, however, can watch for a key difference between the legitimate Skype log-in window and the malicious one, security research firm F-Secure advised. A red box appears around the legitimate Skype sign-in button, F-Secure noted.
The Skype security issue may spill over to users of eBay, auction giant that now owns the VoIP service.