Fake VPNs are currently rampant on the Internet! These malicious applications contain malware responsible for stealing a large amount of personal data by taking control of devices.
We say it too often, but the Internet is full of dangers! To trap more and more Internet users, hackers and cybercriminals are increasing their ingenuity and striving to make their malware as undetectable as possible. This allows them to bypass protection programs and fool less informed people. To do this, they do not hesitate to exploit the popularity of VPNs (Virtual Private Networks), tools that have now become essential for securing our Internet connections.
Google cybersecurity researchers warn of a new malicious campaign in a blog post. Infected versions of VPNs are circulating on fraudulent sites that imitate official platforms, including LetsVPN. By downloading them, victims risk having their device infected and their personal data stolen.
Fake VPN: malware installed without victims’ knowledge
To achieve their ends, hackers exploited the almost blind trust that some Internet users place in Google. Indeed, generally, when we carry out a search, we tend to click on the first links that appear. But they are not necessarily the most relevant… When a company or person wants to appear at the top of Google search results, in the part dedicated to advertisements, all they have to do is sponsor their link by investing money in it, and thus appear at the top of the list. This could be a company that sells products related to the search, or it could be hackers who want you to click on a link to malware. This is called the SEO Poisoning technique. In addition to this, cybercriminals use classic techniques like email phishing.
Result: users believe they are downloading an application from a reliable site, but in reality obtain software containing malware called Playfulghost. Once installed, it can take full control of the infected device. It is nothing more and nothing less than a derivative of the famous Gh0st RAT (Remote Access Terminal), malware used to control a remote machine in operation since 2008. It allows cybercriminals to modify and delete files, record keystrokes, take screenshots and audio, clear and copy clipboard data, and collect hardware information such as system version operating system, processors, drive type, disk space, etc. In short, everything you need to steal the victim’s personal information.
Unfortunately, this isn’t the first time hackers have used VPNs to install malware on victims’ devices. We therefore advise you to be particularly vigilant during your searches and to avoid sponsored links. The best is to go through the official site, checking the domain name of the website, located in the URL. You can use our comparative guide to choose your VPN.
