Newsroom News Breaking Comics Tags RSS
News hardware & software 21 August 2019, 17:54

author: Barth Faryna

Fake Version of Top VPN Website Spreads Malware

VPN is a service used by more and more users who are concerned about their safety in the web. Ironically, one of the largest sites of that type has been copied and is used to distribute malware through original client.

A fake version of the website sends malicious software with the original client.

Websites providing VPN services have recently become more and more popular. Many Internet users have started to pay attention to their online safety and use additional tools that will be able to provide them with it. One such measure is the VPN. Ironically, one of the largest sites of this kind has recently been attacked by hackers who made an exact copy of it in order to send out malware.

The fraud was discovered by the researchers at the Doctor Web lab. They managed to track down a dangerous trojan and identify it as Win32.Bolik.2. This is the second version of the said malware, the purpose of which is to provide hackers with access to information from various banking systems.

The page looks almost identical - the only difference is the address.

The targets of the attacks are mainly English-speaking NordVPN users. According to the information provided by the researchers, thousands of people have already visited the fake website.

The copied version of the website behaves and looks exactly the same as the original. The person who uses it is unable to notice that something is wrong. The website even has a special SSL certificate and an original VPN client, which it sends to the user's computer. Users of the website also download the Win32.Bolik.2 trojan, which immediately starts running on their device.

The fake version of the website is even certified.

The whole project is the responsibility of the same group of hackers who were involved in using the website of the free video editor VSDC video editor to distribute malware.

Experts warn that the success of the project may encourage cybercriminals to expand their activities to other websites - and not only those providing VPN services. Watch out, guys.

See/Add Comments