2 Dangerous Trojans are being distributed heavily through fake VPN websites
International cybersecurity researchers recently discovered a fake website that poses as a VPN service but is actually used to spread and install two malicious password-stealing Trojans, Vidar and CryptBot, on the victim's system. The trojans then attempt to steal all information stored in the browser, as well as important data from the victim's computer, and send it to the hacker's server.
Specifically, this fake website is called 'Inter VPN' and advertises itself as the "fastest VPN" to deceive the gullible. To convince more cautious visitors, the website also displays images of the VPN client, which are actually images of the legitimate VPN Pro software, like the screenshot below.
Fake website
However, hackers have attached trojans to the installer of this VPN Pro software. If you download and run the installer, the trojans will spread on the system. According to security experts' analysis, the installer uses AutoHotKey scripts to download several types of trojans, including Vidar and CryptBot.
This AutoHotKey script is designed so that, when launched, it sends information to a malicious address at iplogger.org and then downloads the Vidar and CryptBot executables, depending on the attack currently being distributed on the site.
AutoHotKey Script
Once the trojans are downloaded successfully, they immediately launch, collect various types of information from the victim's system, and send it to the attacker's server. Data stolen by the trojans can include browser credentials, cookies, screenshots, text files, e-wallets, and many other types of sensitive personal information. More dangerously, the entire operation is performed in the background, so the victim is almost completely unable to detect any anomalies.
Traffic of CryptBot malware
Malicious Vidar traffic
To protect yourself from this type of attack, you must first ensure that the website you're about to visit has a legitimate URL. Then use a malware scanner like VirusTotal to check the safety of any software you plan to download from that site.
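The download chain described above (a request to iplogger.org followed by executable downloads) can also be hunted for in web proxy logs. The following is an added example, not part of the original article: the log format, host names, URLs other than the iplogger.org domain, and the 5-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log: "ISO-timestamp client-host method URL"
SAMPLE_LOG = """\
2020-01-10T09:00:01 ws-101 GET https://iplogger.org/1abc23
2020-01-10T09:00:09 ws-101 GET http://downloads.example.net/files/a.exe
2020-01-10T09:00:15 ws-101 GET http://downloads.example.net/files/b.exe
2020-01-10T09:05:00 ws-102 GET https://vendor.example.com/setup.exe
2020-01-10T09:10:00 ws-103 GET https://iplogger.org/1abc23
2020-01-10T10:30:00 ws-103 GET https://vendor.example.com/setup.exe
2020-01-10T11:00:00 ws-104 GET https://notiplogger.org/x
2020-01-10T11:00:05 ws-104 GET http://downloads.example.net/files/a.exe
garbage line
"""

BEACON_DOMAIN = "iplogger.org"   # domain named in the article
WINDOW = timedelta(minutes=5)    # assumed correlation window
EXE_SUFFIXES = (".exe",)         # assumed: match executables by URL path

def parse(line):
    """Return (time, client, split_url), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], urlsplit(parts[3])

def is_beacon(url):
    """Exact domain or subdomain match, so notiplogger.org is not flagged."""
    host = (url.hostname or "").lower()
    return host == BEACON_DOMAIN or host.endswith("." + BEACON_DOMAIN)

def find_chains(log_text):
    """Map client -> executable URLs fetched within WINDOW after a beacon."""
    last_beacon, hits = {}, {}
    records = filter(None, map(parse, log_text.splitlines()))
    for ts, client, url in sorted(records, key=lambda r: r[0]):
        if is_beacon(url):
            last_beacon[client] = ts
        elif url.path.lower().endswith(EXE_SUFFIXES):
            seen = last_beacon.get(client)
            if seen is not None and ts - seen <= WINDOW:
                hits.setdefault(client, []).append(url.geturl())
    return hits

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```
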