
Fake VPN website delivering password-stealing malware

A VPN (virtual private network) is a sensible option if you want to use the Internet discreetly without giving away your online identity. But what if the website you trust to buy a VPN from is fake and delivers malware? Obviously, your privacy and your personal and financial data would be at risk.

While investigating malware infections, Bleeping Computer noted that a new fake VPN website has been scamming users by delivering two different password-stealing malware families, Vidar and CryptoBot.

They further identified that the fake website was created by a cyber threat actor and that the malware is distributed under the guise of a VPN program dubbed InterVPN. That is, the user believes they are using a VPN service, but the website actually installs the Trojans on the victim’s device.



According to the report, once installed, the malware starts stealing data from the computer, beginning with browser credentials. Users are lured towards InterVPN because it is promoted as the fastest VPN service around, and the site displays an image of the authentic VPN Pro software, claiming it to be its VPN client, to deceive the victim.

Original website: vpnpro.net (left) – Fake website: intervpn.pro (right)

Researchers also discovered that the VPN Pro application has been repackaged by the attacker inside a Trojan, which uses an AutoHotKey script to download malware. The script establishes a connection with iplogger(dot)org to access bitbucket(dot)org for downloading either the CryptoBot or Vidar Trojan executable.

The attacker or the campaign itself selects which of the two malware families will be installed on a specific device.
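The download chain described above (a request to the IP-logging service followed by an executable fetch from the code-hosting site) can be hunted for in web proxy logs. The following is an added detection sketch, not code from the report or from Bleeping Computer; the log format, the sample lines, the five-minute window and the `.exe` filter are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Domains named in the article, kept defanged as on the page and refanged for matching.
TRACKER = "iplogger(dot)org".replace("(dot)", ".")
PAYLOAD_HOST = "bitbucket(dot)org".replace("(dot)", ".")
WINDOW = timedelta(minutes=5)  # assumed correlation window; tune per environment

# Constructed sample proxy log (assumed format: ISO time, client IP, method, URL).
SAMPLE_LOG = """\
2019-12-02T10:00:01 10.0.0.21 GET https://iplogger.org/1abcd
2019-12-02T10:00:04 10.0.0.21 GET https://bitbucket.org/example-user/example-repo/downloads/setup.exe
2019-12-02T10:02:00 10.0.0.35 GET https://bitbucket.org/team/project/src/main/README.md
2019-12-02T10:03:10 10.0.0.40 GET https://iplogger.org/2efgh
2019-12-02T11:30:00 10.0.0.40 GET https://bitbucket.org/example-user/example-repo/downloads/tool.exe
2019-12-02T10:05:00 10.0.0.50 GET https://notiplogger.org/x
2019-12-02T10:05:02 10.0.0.50 GET https://bitbucket.org/example-user/example-repo/downloads/a.exe
"""

def host_matches(host, domain):
    """Match the domain or its subdomains, not lookalikes such as notiplogger.org."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def parse(line):
    """Split one log line; return None for lines that do not fit the assumed format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], urlparse(parts[3])
    except ValueError:
        return None

def find_chain(log_text):
    """Return (client, tracker_time, url) for .exe fetches that follow a tracker hit."""
    events = sorted(filter(None, map(parse, log_text.splitlines())), key=lambda e: e[0])
    last_tracker, hits = {}, []
    for ts, client, url in events:
        if host_matches(url.hostname, TRACKER):
            last_tracker[client] = ts
        elif (host_matches(url.hostname, PAYLOAD_HOST)
              and url.path.lower().endswith(".exe")  # assumed payload extension
              and client in last_tracker
              and ts - last_tracker[client] <= WINDOW):
            hits.append((client, last_tracker[client], url.geturl()))
    return hits

if __name__ == "__main__":
    for client, seen, url in find_chain(SAMPLE_LOG):
        print(f"{client}: tracker hit at {seen}, then executable download {url}")
```

Neither domain is malicious on its own, so the signal is the sequence from a single client inside the window, not a hit on either host by itself.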

The primary purpose of installing the two malware families is to steal login credentials saved in the browsers’ cache, but the infection can spread to other computer components and systems. The malware can also try to access and steal cryptocurrency wallets and text files, and capture screenshots to obtain login credentials.


What’s worse is that everything happens without even alerting the user, since the fake free software VPN Pro works just like a VPN normally does.

According to the report, users are eagerly downloading this malicious new VPN because there is no fee involved even after the trial period ends. The concerning aspect is that the longer this infected VPN runs on the device, the longer the malware keeps accessing user data, and it may even steal sensitive personal and financial information.

If you want to protect your computer from infection, never download VPN software from any platform other than the official websites of renowned and trusted VPN providers. Free VPNs should be avoided at all costs because such software is usually infected with malware and aims to perform many nefarious tasks on the device.


Furthermore, install an anti-virus program on your device, run scans regularly and keep your system updated.

This, however, is not the first time scammers have used a VPN to scam unsuspecting users. In August this year, hackers cloned NordVPN’s website to drop a banking trojan on the devices of whoever downloaded and installed a malicious version of the VPN.