Bolik Trojan Spreads To Intended Targets Via Fake VPN Sites



The Bolik Trojan, a dangerous malware threat, is being spread through fake sites built by attackers; in the ongoing attacks these are fake VPN sites. According to the available security reports, this is done using a sophisticated approach. The criminal group, about which we don't have concrete information, is using a free multimedia editor to create the fake VPN sites. They are hosted on addresses that sound similar to the legitimate services used by end users.

Fake VPN Sites Used As Conduits For Spreading The Bolik Trojan

Computer criminals are actively attempting to trick computer users into getting infected with the Bolik Trojan. Previous attempts at spreading this particular threat were done by hacking download portals and various Internet pages; at this time the main method is to construct dangerous landing pages that appear to end users as legitimate VPN services and privacy tools.

Related: VPN Services Attacked By CVE-2019-11510 Vulnerability

At the moment the intrusions are carried out via several sites that are almost perfect copies of the Nord VPN service: they include content copied exactly from the original site. They are also hosted on similar-sounding domain names that users often confuse with the real one. What is particularly worrying about this threat is that the sites carry a legitimate security certificate, so browsers will not display warning messages concerning the privacy of the pages.
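Because the certificate is valid, defenders cannot rely on browser warnings and have to screen hostnames themselves, for example in proxy logs or Certificate Transparency feeds. The sketch below is an added example, not part of the original article: the hostnames are constructed on reserved TLDs, and the homoglyph table, the distance threshold and the reason labels are assumptions.

```python
import re

PROTECTED = "nordvpn.com"  # legitimate domain of the brand named in the article
# Assumed, deliberately small table of digit-for-letter substitutions.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(name):
    """Fold homoglyphs and drop separators: 'n0rd-vpn' -> 'nordvpn'."""
    return re.sub(r"[-_.]", "", name.lower().translate(HOMOGLYPHS))

def classify(host, protected=PROTECTED):
    """Return 'variant', 'embedded' or 'near-miss' for a lookalike, else None."""
    host = host.lower().rstrip(".")
    if host == protected or host.endswith("." + protected):
        return None  # the real site or one of its subdomains
    brand = protected.rsplit(".", 1)[0]
    # Assumption: the label before the TLD is the registrable name;
    # production use should consult the Public Suffix List instead.
    labels = host.split(".")
    name = skeleton(labels[-2] if len(labels) >= 2 else labels[0])
    if name == brand:
        return "variant"    # same name on another TLD, or hyphen/homoglyph form
    if brand in skeleton(host):
        return "embedded"   # brand buried in a longer hostname
    if edit_distance(name, brand) <= 2:
        return "near-miss"  # typo-distance neighbour, needs analyst triage
    return None

def scan(hosts):
    """Map each suspicious hostname to the reason it was flagged."""
    return {h: r for h in hosts if (r := classify(h))}

# Constructed sample input (reserved TLDs only, not real indicators).
OBSERVED = ["nordvpn.com", "support.nordvpn.com", "n0rd-vpn.test", "nordvpm.example",
            "download-nordvpn.example", "nordvpn.com.login.example", "example.org"]

if __name__ == "__main__":
    for host, reason in scan(OBSERVED).items():
        print(f"{host:32} {reason}")
```

Hits are candidates for triage, not verdicts: a short edit-distance threshold will also match unrelated names that happen to sit close to the brand.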

The Bolik Trojan delivered by these campaigns is an improved malware threat which can be used for a variety of dangerous tasks:

  • Web Injection — This component can interact with web browsers and manipulate the displayed pages and fields.
  • Keylogger Installation — These are small scripts or programs that capture the victims' input and transmit it to the operators.
  • Data Theft — The criminals can look for data that can expose sensitive information about the victims and any stored passwords or account credentials.

The behavior of the Bolik Trojan is typical of most banking malware — it is designed mainly to identify whether the users are using any online banking services and to hijack the account data in use.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and intrusion mechanisms.
