Imposter VPN, Office software websites push banker Trojan
Cyber-criminals are reportedly setting up fake websites for widely used VPN software in an attempt to dupe end-users into downloading malicious software. New research shows that the crooks, who have hacked and misused the website of VSDC, a free video editor, to spread malware, are now building phony websites to achieve the same objective.
The researchers state that cyber-criminals recently created websites that masquerade as two Office software products and the virtual private network (VPN) NordVPN so they could infect visitors with a banker Trojan named Win32.Bolik.2.
According to an August 19 blog post by the company Dr. Web, the imposter NordVPN website, nord-vpn[.]dub, was launched on 8th August and has already had thousands of views this month. The website looks quite real, with the same color scheme, overall design and fonts as the actual website, nordvpn.com. It also carries a valid SSL certificate. www.scmagazine.com posted this, August 20, 2019.
According to Ivan Korolev, a malware analyst at Dr. Web who studied the phony NordVPN website, speaking in an interview with Bleeping Computer, Win32.Bolik.2 has the enhanced features of a multi-component polymorphic file virus. By deploying it, Korolev explains, hackers are able to perform web injections, log keystrokes, intercept traffic, and capture information from various online banking clients.
The analyst's examination suggests that the Win32.Bolik.2 Trojan chiefly targets English-speaking people in the USA, the UK, Australia and Canada. However, he believes that the hacker using the malware made exceptions for victims who handled valuable information.
Moreover, nord-vpn[.]dub appears to offer only a Windows version of the NordVPN application, which implies that people using other machines may not be affected. Threat actors have long disguised banker Trojans as genuine software.
It is vital that end-users carefully check a website's URL every time they visit it. Organizations should also deploy a unified endpoint management (UEM) system, which uses compliance conditions to perform remediation automatically and remove malicious software after it is detected on an in-scope endpoint.
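The URL check described above can be automated at a proxy or in a download-approval step. The following is an added example, not code from the article or from Dr. Web; it compares the host name itself because the imposter site carried a valid SSL certificate. The allowlist `OFFICIAL_DOMAINS`, the function names and the `.example` sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this allowlist of official domains.
OFFICIAL_DOMAINS = {"nordvpn.com"}
# Characters commonly swapped in or inserted to imitate a brand name.
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "5": "s", "-": None, "_": None})

def hostname(url):
    """Return the lower-cased host of a URL or bare host ('[.]' is refanged)."""
    url = url.replace("[.]", ".")
    target = url if "://" in url else "//" + url
    return (urlsplit(target).hostname or "").rstrip(".")

def skeleton(label):
    """Comparison form of a DNS label: separators dropped, digits mapped."""
    return label.lower().translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = hostname(url)
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    brands = {skeleton(d.split(".")[0]) for d in OFFICIAL_DOMAINS}
    for label in host.split("."):
        s = skeleton(label)
        # Brand embedded in any label, or within one edit of it.
        if any(b in s or edit_distance(s, b) <= 1 for b in brands):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Sample inputs; the .example hosts are constructed for this demo.
    for u in ["https://nordvpn.com/download", "nord-vpn[.]dub",
              "https://n0rdvpn.example", "https://intranet.example"]:
        print(u, "->", classify(u))
```

A `lookalike` verdict is a reason to block or review the download, not proof of malice; tune the edit-distance threshold to the length of the brand names in the allowlist.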
» SPAMfighter News - 9/2/2019