Criminals are cloning the website of popular VPN software to try to trick users into downloading malware.
According to new research, the cybercriminals responsible for breaching and using the website of the free video editor VSDC to distribute malware have begun creating fake websites to accomplish the same goal.
Previously the group hacked legitimate websites to use their download links to spread malware, but now they have turned to cloning websites to deliver the Win32.Bolik.2 banking Trojan to the devices of unsuspecting users.
The cybercriminals have created a perfect clone of NordVPN's website to trick users into downloading the Win32.Bolik.2 banking Trojan, which was discovered by researchers at Doctor Web.
In addition to being an almost exact copy of the company's website, the cloned site even has a valid SSL certificate issued by the open certificate authority Let's Encrypt. This helps the fake website appear more legitimate while also allowing it to bypass browser security checks.
Cloned websites
In a blog post announcing their discovery, Doctor Web's researchers explained what the Win32.Bolik.2 banking Trojan is capable of after being installed on a user's system, saying:
“The Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus. Using this malware, hackers can carry out web injections, traffic intercepts, keylogging and steal data from different bank-client systems.”
The cybercriminals behind this malicious campaign are focusing on English-speaking targets, and thousands of users have already visited the fake NordVPN website, according to the researchers.
Upon visiting the cloned site, users are prompted to download the NordVPN client just as they would be on the legitimate site. To avoid arousing suspicion, the fake site installs the actual VPN client but also leaves the Win32.Bolik.2 banking Trojan on the user's system.
Because the group's tactics have been successful so far, expect to see other similar cloned sites being used to infect users' systems with malware in the future.
Via Bleeping Computer