author: Barth Faryna
Fake Version of Top VPN Website Spreads Malware
VPN is a service used by more and more users who are concerned about their safety in the web. Ironically, one of the largest sites of that type has been copied and is used to distribute malware through original client.
Websites providing VPN services have recently become more and more popular. Many Internet users have started to pay attention to their online safety and use additional tools that will be able to provide them with it. One such measure is the VPN. Ironically, one of the largest sites of this kind has recently been attacked by hackers who made an exact copy of it in order to send out malware.
The fraud was discovered by the researchers at the Doctor Web lab. They managed to track down a dangerous trojan and identify it as Win32.Bolik.2. This is the second version of the said malware, the purpose of which is to provide hackers with access to information from various banking systems.
The targets of the attacks are mainly English-speaking NordVPN users. According to the information provided by the researchers, thousands of people have already visited the fake website.
The copied version of the website behaves and looks exactly the same as the original. The person who uses it is unable to notice that something is wrong. The website even has a special SSL certificate and an original VPN client, which it sends to the user's computer. Users of the website also download the Win32.Bolik.2 trojan, which immediately starts running on their device.
The whole project is the responsibility of the same group of hackers who were involved in using the website of the free video editor VSDC video editor to distribute malware.
Experts warn that the success of the project may encourage cybercriminals to expand their activities to other websites - and not only those providing VPN services. Watch out, guys.