The Bolik Trojan, a dangerous malware threat, is being spread through fake hacker-made sites; in the ongoing attacks these are fake VPN sites. According to the available security reports, this is done using a sophisticated approach. The criminal group, about which we have no concrete information, is using a free multimedia editor to create the fake VPN sites. They are hosted on addresses that sound similar to those of the legitimate services used by end users.
Fake VPN Sites Used As Conduits For Spreading The Bolik Trojan
Computer criminals are actively attempting to trick computer users into getting infected with the Bolik Trojan. What we know is that previous attempts at spreading this particular threat were made by hacking download portals and various Internet pages. At this time the main method is to construct dangerous landing pages that appear to end users as legitimate VPN services and privacy tools.
At the moment the intrusions are carried out via several sites that are almost perfect copies of the NordVPN site: their contents are copied exactly from the original. They are also hosted on similar-sounding domain names that users often confuse with the real one. What is particularly worrying about this threat is that the fake sites carry a legitimate security certificate, so browsers will not display warning messages concerning the privacy of the pages.
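A defensive check for the lookalike-domain technique described above, as an added example that is not part of the original report: it flags hostnames (for instance from proxy or DNS logs) that imitate a protected domain, which matters here because a valid certificate gives no warning. The sample hostnames, the digit-swap table and the distance threshold are constructed assumptions.

```python
# Added example: flag hostnames that imitate a protected brand domain.
# Every hostname here is a constructed sample, not an indicator from the report.

PROTECTED = {"nordvpn.com"}  # legitimate domain(s) to protect; brand named in the article
DIGIT_SWAPS = str.maketrans("013457", "oleast")  # assumed common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(label):
    """Normalise a DNS label: lower-case, drop separators, undo digit swaps."""
    return label.lower().replace("-", "").replace("_", "").translate(DIGIT_SWAPS)

def classify(host, protected=PROTECTED, max_dist=1):
    """Return (verdict, matched_domain) for one observed hostname."""
    host = host.lower().rstrip(".")
    for legit in protected:
        # Exact match or a true subdomain; the leading dot stops "evilnordvpn.com".
        if host == legit or host.endswith("." + legit):
            return ("legitimate", legit)
    for legit in protected:
        brand = legit.split(".")[0]
        for label in host.split(".")[:-1]:  # skip the TLD itself
            sk = skeleton(label)
            if brand in sk:
                return ("lookalike:brand-embedded", legit)
            if edit_distance(sk, brand) <= max_dist:
                return ("lookalike:near-match", legit)
    return ("unrelated", None)

def scan(hosts):
    """Keep only the hostnames that imitate a protected domain."""
    return {h: classify(h)[0] for h in hosts if classify(h)[0].startswith("lookalike")}

SAMPLE_HOSTS = [  # constructed, e.g. as extracted from proxy or DNS logs
    "nordvpn.com", "support.nordvpn.com", "nord-vpn.example", "n0rdvpn.test",
    "nordvpm.example", "nordvpn.com.login.example", "evilnordvpn.com", "example.org",
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_HOSTS).items():
        print(f"{verdict:26} {host}")
```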
The Bolik Trojan delivered by these campaigns is an improved malware threat which can be used for a variety of dangerous tasks:
- Web Injection — This component can interact with web browsers and manipulate the displayed pages and fields.
- Keylogger Installation — These are small scripts or programs that capture the victims' input and transmit it to the operators.
- Data Theft — The criminals can look for data that can expose sensitive information about the victims and any stored passwords or account credentials.
The behavior of the Bolik Trojan is typical of most banking malware: it is designed mainly to identify whether users are accessing any online banking services and to hijack the account data they use.