Cybercriminals have cloned the website of popular VPN software to trick unsuspecting visitors into downloading a dangerous trojan.
Researchers at Doctor Web have discovered a harmful banking trojan disguised as the popular virtual private network, NordVPN. The trojan, known as Win32.Bolik.2, is hidden alongside VPN downloads from a website designed to be easily mistaken for the real NordVPN’s site.
Along with visual similarities to the original site and an easily mistakable domain name, the criminals behind the fake have also managed to get their hands on a valid SSL certificate, thanks to open certificate authority Let’s Encrypt.
This makes the site look more like the real thing and lets it load over HTTPS without triggering a browser certificate warning.
However, the counterfeit site offered a much more enticing deal: a year of the VPN software for nothing, as opposed to the actual offer of $2.99 a month for three years of the service on NordVPN’s real website.
This isn’t the first time this group has struck. Back in June, the hackers cloned the sites of various corporate office programmes, including Invoice 360 and Clip Plus, to hide the banking trojan, and they have also been caught distributing the same file via the hacked free video editing service, VSDC.
The trojan sneaks in alongside a legitimate copy of the VPN or office software from these fake sites to steal data from unsuspecting victims – and it’s been getting clicks.
“The Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus”, explained Doctor Web in a post exposing the malware. “Using this malware, hackers can perform web injections, traffic intercepts, keylogging and steal information from different bank-client systems.”
According to Doctor Web, the malware on these sites has been primarily targeted at English-speaking audiences, and the fake NordVPN page has already been visited thousands of times. This just serves as a reminder to double-check before you download any software that looks a little too good to be true.