Two security researchers have uncovered malware that pretends to be a legitimate VPN service.
According to Lawrence Abrams from Bleepingcomputer and the team from Malwarehunter, Pirate Chick VPN (PirateChickVPNUpdate.exe) downloads and installs a malicious payload (vpnclientupdate.exe) on the victim’s computer. There was no Android version offered.
To lure its targets, the provider had a genuine-looking website and even offered a three-month trial with no need to hand over credit card details.
Russian links confirmed
The site, which is now offline, was identified back in January 2019 by URLHaus as hosting the AZORult malware, with strong Russian connections; the site is registered on Kirova street in Minsk, Belarus.
A cursory glance at Google cache shows that the site claimed to have a no-log policy and 120 locations in 32 countries.
The executable was signed by a four-year-old British company called ATX International Limited, which is registered in London and currently has an active proposal to strike off entry. Bleepingcomputer has a detailed explanation of how Pirate Chick VPN runs; the malware is distributed via fake Adobe Flash players (popular on illegal streaming sites) and adware bundles.
It is likely that the threat posed by this fake VPN provider was nipped in the bud early, as neither Archive.org, Alexa nor Similarweb has witnessed any significant activity around the URL.
- Via: Bleepingcomputer