Popular VPN site cloned to spread malware

August 21, 2019 / Rob Thubron

Hackers keep finding inventive ways to implant malware on people’s computers, including cloning a popular VPN website to spread a banking trojan. Researchers at Doctor Web’s virus lab discovered that criminals created a website that was a copy of the one belonging to virtual private network service NordVPN.

This nord-vpn[.]club website, which is currently inaccessible, was almost identical to the official nordvpn.com site. To make the cloned website appear more legitimate and help it pass browser security checks, it had a valid SSL certificate issued by open certificate authority Let’s Encrypt.

Visitors to the fake website were prompted to download NordVPN’s client. The real program was installed to avoid suspicion, but the Win32.Bolik.2 banking Trojan was downloaded alongside it, infecting the user’s system.

“The Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file v...
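Because the clone carried a valid certificate, the hostname itself is the signal a defender has left to check. The sketch below is an added example, not code from the article or from Doctor Web: it flags hostnames that imitate an official domain the way nord-vpn[.]club imitates nordvpn.com. The allowlist, the function names and every sample hostname other than those two are constructed assumptions.

```python
from difflib import SequenceMatcher

# Assumption: allowlist of official registrable domains kept by the defender.
OFFICIAL = {"nordvpn.com"}
DIGIT_SWAPS = str.maketrans("01", "ol")

def normalize(host):
    """Refang a defanged indicator and drop a wildcard prefix."""
    return host.lower().replace("[.]", ".").lstrip("*.").rstrip(".")

def registrable(host):
    """Naive last-two-labels split; real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def skeleton(label):
    """Undo cheap disguises: inserted separators and digit-for-letter swaps."""
    return label.replace("-", "").replace("_", "").translate(DIGIT_SWAPS)

def classify(host, threshold=0.85):
    """Return (verdict, official domain matched or imitated, else None)."""
    host = normalize(host)
    if registrable(host) in OFFICIAL:
        return ("official", registrable(host))
    for official in sorted(OFFICIAL):
        brand = official.split(".")[0]
        for label in host.split(".")[:-1]:  # every label except the TLD
            sk = skeleton(label)
            close = SequenceMatcher(None, sk, brand).ratio() >= threshold
            if brand in sk or close:
                return ("lookalike", official)
    return ("unrelated", None)

# Constructed sample: hostnames as they might appear in newly issued certificates.
SAMPLE = ["www.nordvpn.com", "nord-vpn[.]club", "n0rdvpn.example", "example.org"]

def triage(hosts):
    """Keep only the hostnames that need an analyst's attention."""
    return [h for h in hosts if classify(h)[0] == "lookalike"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h, classify(h))
```

Fed with hostnames from newly issued certificates or DNS logs, `triage` leaves the official site alone and surfaces the hyphenated and digit-swapped variants for review.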