Hackers pose as top VPN to steal cryptocurrencies



Kaspersky researchers have discovered a new malicious campaign that uses a fake version of a popular VPN service's website to spread the AZORult Trojan stealer by tricking users into thinking they are downloading a Windows installer program. AZORult is one of the most common stealers on Russian hacking forums due to its wide range of capabilities. This Trojan poses a serious threat to infected computers because it allows an attacker to collect a large amount of data, including browser history, connection information, cookies, files and folders, and cryptowallet files, and it can even be used as a loader to download other malware.

As more and more users have turned to VPNs to protect their privacy online, cybercriminals have begun to take advantage of the growing popularity of VPNs by impersonating them, as is the case in this AZORult campaign. In the campaign uncovered by Kaspersky researchers, the attackers created a copy of the ProtonVPN website that looks just like the service's actual site, except that it has a different domain name.

AZORult campaign

Links to the fake VPN website are delivered via advertisements across different banner networks, a technique known as malvertising. When a victim visits the phishing website, they are prompted to download a free VPN installer. However, once a victim downloads the fake Windows VPN installer, it drops a copy of the AZORult botnet implant. Once the implant is activated, it collects information about the environment of the infected device and reports it to a server controlled by the attackers. The attackers then steal any cryptocurrency stored locally on the device from crypto wallets, as well as FTP connections, FileZilla passwords, email credentials, browser information including cookies, and credentials from WinSCP, Pidgin messenger, and other software.

After discovering the campaign, Kaspersky immediately informed ProtonVPN and blocked the fake website in its security software. TechRadar Pro also contacted ProtonVPN for a statement on this matter.