Hackers impersonate top VPN to steal cryptocurrency

Researchers at Kaspersky have uncovered a new malicious campaign which uses a fake version of a popular VPN service’s website to spread the Trojan stealer AZORult by tricking users into thinking they are downloading a Windows installer.

AZORult is one of the most common stealers on Russian hacking forums because of its wide range of capabilities. This Trojan poses a serious threat to infected computers, as it allows an attacker to collect a wealth of data such as browser history, login credentials, cookies, files and folders, and cryptowallet files, and it can even be used as a loader to download other malware.

As more users have turned to VPNs to protect their privacy online, cybercriminals have begun to abuse the growing popularity of VPNs by impersonating them, as is the case in this AZORult campaign.

In the campaign uncovered by Kaspersky researchers, the attackers created a copy of ProtonVPN’s website which looks identical to the service’s real site except for the fact that it has a different domain name.

AZORult campaign

Links to the fake VPN website are spread through advertisements via different banner networks, a practice that is also referred to as malvertising.

When a victim visits the phishing website, they are prompted to download a free VPN installer. However, once a victim downloads the fake VPN installer for Windows, it drops a copy of the AZORult botnet implant. After the implant is activated, it collects the infected device’s environment information and reports it back to a server controlled by the attackers.

The attackers then steal any cryptocurrency stored locally on the device from cryptowallets, as well as FTP logins, passwords from FileZilla, email credentials, information from browsers such as cookies, and credentials from WinSCP, Pidgin messenger and other software.

After discovering the campaign, Kaspersky immediately informed ProtonVPN and blocked the fake website in its security software. TechRadar Pro has also contacted ProtonVPN for a statement on the matter.
