The global lockdown due to the COVID-19 outbreak has compelled individuals and businesses around the world to use VPNs in large numbers to shield their browsing activity from prying eyes on public/private Wi-Fi connections. A VPN is also required when someone is trying to access geo-restricted sites. In many countries, VPN usage figures have rocketed.
Researchers have discovered that hacker groups are manipulating users into downloading and installing malware by disguising it as a legitimate VPN client. Moreover, some of the VPNs available on the Chrome store, the Android Play Store, or elsewhere are simply scams.
Here we discuss different types of VPN baits.
Fake Nord VPN site
When a user attempts to install a VPN client from this site, the user ends up installing Grand Stealer malware.
Capabilities: Stealing various user credentials and cryptocurrency wallets, browser profiles (credentials, cookies, credit cards, autofill), Gecko credentials, screenshots, FTP credentials, RDP credentials, Telegram sessions, Discord software data, and desktop files.
Fake VPN4Test site
Installing a VPN client from this site can load users’ systems with the Azorult infostealer instead. The malware first generates a bot ID to uniquely identify the host machine and then communicates with its C2 server.
Capabilities: Harvests saved passwords, browser login credentials, cookies, history, chat sessions, screenshots, cryptocurrency wallets, etc. It may also download additional malware onto the infected system.
Here, Azorult also downloads and executes two additional pieces of malware: Masad stealer and Parasite RAT.
Fake VPN reviews
The bigger you get, the more complex it gets. Google’s Play Store and Apple’s iOS App Store are the top two stores that many of us enjoy using. Hackers, on the other hand, enjoy exploiting them. This is especially true for the Android platform, which obviously has the maximum number of users around the world.
- Adversaries spread fake app reviews to rank their apps so that they can get maximum downloads.
- They also manipulate the App Store and Play Store algorithms to propagate their apps.
Last week, Google kicked out an Android VPN app, ‘SuperVPN’, downloaded over 100 million times, with a critical vulnerability that posed a man-in-the-middle (MITM) attack threat to its users.
Once you download a VPN, it becomes in charge of your incoming and outgoing data. So, one has to be very careful about what they are downloading and from where. Also, if you’re looking for zero-cost VPN services, do your research on whether a free VPN is worth downloading.
This crisis might make malicious actors more aggressive than before, with a plethora of unsecured endpoints waiting for them.