Wednesday, January 20, 07:53

Hackers clone VPN sites to distribute banking Trojan

The hackers who had previously hacked the site of the free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now changed their tactics by targeting VPN services.


While in the past legitimate sites were hacked so that their download links pointed to malware, hackers now create site clones to deliver banking Trojans to the computers of unsuspecting victims. This allows them to focus on adding capabilities to their malicious tools, rather than wasting time trying to infiltrate the servers and websites of legitimate businesses.

A recent incident is the active distribution of the Win32.Bolik.2 banking Trojan via the nord-vpn[.]club website. This is an almost perfect clone of the official website of the popular VPN service NordVPN. The cloned site also has a valid SSL certificate issued by Let's Encrypt on August 3, with an expiration date of November 1.


"Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has the properties of a polymorphic file virus," said Doctor Web researchers who detected the virus.

"Using this malware, hackers can perform web injections, monitor traffic, and record and steal information from different banking-client systems."

The hackers behind this malicious campaign launched their attacks on August 8, focusing on English-speaking targets. According to the researchers, thousands of users, all likely victims, have already visited the nord-vpn[.]club site in search of a download link for the NordVPN client.

Take great care with the websites you visit and the files you download.
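The clone described above carried a valid certificate, which shows only that its operator controls the domain name, so the name itself is what needs checking before a download. The Python sketch below is an added example, not part of the original article or of Doctor Web's research: it flags hosts whose labels imitate a vendor's brand, assuming `nordvpn.com` as the official domain and a naive two-label domain split; all sample hostnames other than the one quoted in the article are constructed.

```python
from difflib import SequenceMatcher

# Assumption: the vendor's official registrable domain (the article does not list it).
OFFICIAL = {"nordvpn.com"}
DIGITS = str.maketrans("01", "ol")  # digit-for-letter swaps


def refang(host):
    """Accept defanged notation such as 'nord-vpn [.] club'."""
    return host.replace("[.]", ".").replace(" ", "").lower().rstrip(".")


def skeleton(label):
    """Undo cheap disguises: inserted hyphens and digit look-alikes."""
    return label.replace("-", "").translate(DIGITS)


def classify(host, official=OFFICIAL, threshold=0.8):
    """Return 'official', 'lookalike' or 'unrelated' for a download host."""
    labels = refang(host).split(".")
    # Naive registrable domain (last two labels); production code should
    # consult the Public Suffix List instead.
    if ".".join(labels[-2:]) in official:
        return "official"
    brands = {skeleton(d.split(".")[0]) for d in official}
    for label in labels[:-1]:  # every label except the TLD
        name = skeleton(label)
        for brand in brands:
            similar = SequenceMatcher(None, brand, name).ratio() >= threshold
            if brand in name or similar:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples, except the defanged domain quoted in the article.
    for h in ["nordvpn.com", "nord-vpn [.] club", "n0rdvpn.com",
              "nordvpn.example.net", "example.org"]:
        print(f"{h:22} {classify(h)}")
```

A check like this fits in a web proxy or mail gateway rule, where a "lookalike" verdict blocks or quarantines the download regardless of the site's certificate status.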

