Fake VPN website delivers malware

News
By
published

Real VPN client comes bundled with banking Trojan

Someone using a VPN on a PC.
Image credit: Shutterstock (Image credit: Shutterstock)

Criminals are cloning the website of popular VPN software to try and trick users into downloading malware.

According to new research, the cybercriminals responsible for breaching and utilizing the website of the free video editor VSDC to distribute malware have begun to create fake websites to accomplish the same goal.

Previously the group hacked legitimate websites to use their download links to spread malware but now they have turned to cloning websites to deliver the Win32.Bolik.2 banking Trojan to the devices of unsuspecting users.

The cybercriminals have created a perfect clone of NordVPN's website to trick users into downloading the Win32.Bolik.2 banking Trojan which was discovered by researchers at Doctor Web.

In addition to being an almost exact copy of the company's website, the cloned website even has a valid SSL certificate issued by the open certificate authority Let's Encrypt. This helps the fake website appear more legitimate while also allowing it to bypass browser security checks.

Cloned websites

In a blog post announcing their discovery, Doctor Web's researchers explained what the Win32.Bolik.2 banking Trojan is capable of after being installed on a user's device, saying:

“The Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus. Using this malware, hackers can perform web injections, traffic intercepts, keylogging and steal information from different bank-client systems.”

The cybercriminals behind this malicious campaign are focusing on English-speaking targets and thousands of users have already visited the fake NordVPN website according to the researchers.

Upon visiting the cloned site, users are prompted to download the NordVPN client just as they would be on the legitimate site. To avoid arousing suspicion, the fake site installs the actual VPN client but also leaves the Win32.Bolik.2 banking Trojan on a user's system as well.

As the group's tactics have been successful so far, expect to see other similar cloned sites being utilized to infect user's systems with malware in the future.

  • We've also highlighted the best VPN services of 2019

Via Bleeping Computer

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in VPN Privacy & Security
In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Homepage of CloudFlare website on the display of PC, url - CloudFlare.com.
"Network blocking is never going to be the solution" – Cloudflare slams anti-piracy tactics
Panels at RightsCon 2025 during a press briefing about the latest Access Now report of internet shutdowns
2024 was the worst year on record for internet freedoms – again
Vector illustration of the word Censored in a glitch distorted style
Google, Apple, and internet restriction – how Big Tech is making censorship "much worse" according to experts
Google Chrome logo on a mobile phone's screen
Why you need a VPN browser extension
Latest in News
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 10 (game #1141)
More about vpn privacy security
In this photo illustration a Google Play logo seen displayed on a smartphone.

Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests

Why PrivadoVPN Free is still the best free VPN for streaming
Gaming with AI

I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
See more latest
Most Popular
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back
Molecular hard drive
Chinese researchers are looking to create a revolutionary type of hard drive based on organic materials but huge unknowns remain
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 10 (game #1141)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 10 (game #372)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 10 (game #638)
Apple iPhone 16 Pro Max REVIEW
New iPhone 17 Air leak may have revealed some key specs – and how it compares to the iPhone 17 Pro Max
Dynabook Portégé Z40L-N
Dynabook's newest laptop has a 4-year warranty, a swappable battery, a weight of under 1 kg, and even a LAN port
Cortical Labs CL1
A breakthrough in computing: Cortical Labs' CL1 is the first living biocomputer and costs almost the same as 'Apple's best failure'
Workplace AI Adoption
ChatGPT remains the most popular AI tool in offices worldwide, survey finds, with India leading the way