Careful! There are Fake VPN Applications Infected with Malware or Viruses
Currently there is a new mode that criminals can use cyber to spread the virus or malware made, namely through a fake VPN application.
According to the latest reports, the criminals cyber it has created a dedicated site that is similar to the original VPN site. One of the original VPN providers that has fallen victim to this scam is NordVPN.
From the NordVPN site, cyber share the Win32.Bolik.2 banking trojan which was first discovered by researchers from Doctor Web.
So do not be surprised if many are deceived by these fake sites, because the perpetrators are able to create fake sites that cannot be marked as fake. Even the SSL issued by the Let’s Encrypt authority is so similar to the original site that it easily bypasses browser security checks.
Know Fake VPNs Before Installing Them
In his blog post, the researcher at Doctor Web reveals the purpose of the Win32.Bolik.2 trojan.
“Win21.Bolik.2 is the latest version of Win32.Bolik.1 and has advantages in multicomponent polymorphic file viruses. With malware these hackers can just do the web injection, traffic intercepts, keylogging to stealing different bank client systems,” he said.
Perpetrators of this type of crime are targeted at victims who speak English, so far thousands of users have visited the fake NordVPN site. Now when the user has visited the fake VPN site, it will be asked to download the NordVPN application like the one on the original site.
To make users unsuspecting, the site also provides a native VPN application apart from embedding the Win32.Bolik.2 trojan. Given that the mode manages to trick the victim, it’s likely that there will be a lot of criminals cyber which will use the same trick to infect the device with malware.