- A new malicious website is pushing a re-branded version of VPN Pro which downloads Trojans.
- The payloads are either Vidar or CryptBot, depending on the campaign that’s currently active.
- People should not trust free VPN product links that are shared on forums and social media.
According to a report by Bleeping Computer, there’s a new fake VPN website out there that is distributing the Vidar and CryptBot password-stealing Trojans. These malicious tools were created to steal the login credentials that are saved in the browser cache but can also tap into other parts of the system too. The fake VPN product is called “Inter VPN”, claiming to be the fastest VPN solution, protecting your privacy and anonymity online. The software even uses an image from a legitimate VPN product (VPN Pro), to convince the victim to download and install it.
If the website visitor downloads the program, they’ll get a repackaged VPN Pro that is infected with a payload downloader. The “AutoHotKey” script connects to “iplogger.org” and downloads either the Vidar or the CryptBot executables from “bitbucket.org”. The choice between the two is up to the actor and the campaign that is running at the time of the infection. Once downloaded, the Trojans will begin looking in the saved browser credentials and the cookies. Besides these, they also look into text files, cryptocurrency wallets, and even take screenshots to hopefully grab the username or password, or both.
All of this nasty stuff is taking place in the background, so the victim is unlikely to realize anything. VPN Pro works as expected, and since it’s free, there is nothing to compel the user to replace it after the trial period ends, etc. That said, victims could be using “Inter VPN” for long, losing all their sensitive information to the malicious actors after allowing them multiple opportunities to grab it. These products are mainly promoted via forums and social media posts and attempt to persuade people to give them a try through fake reviews and various bold claims about their awesomeness.
That said, you should not follow links to VPN products from just anywhere or anyone. Instead, only trust the official websites on well-known and proven VPN vendors. While we generally don’t suggest that you should use a free VPN product, there are some solutions in this category that are considered generally reliable. If you are willing to pay something for it, check out our list with the nine best VPN deals that we offer exclusively for our readers.
Have you stepped on a trap of a fake VPN application before? Let us know of the details in the comments section down below, or share your experience on our socials, on Facebook and Twitter.