Hackers try to trap Internet users with cloned sites. To thwart the scam, it is important to always check the URL of the site you are consulting.
Updated on August 21st:
NordVPN informed us that the fake site that was usurping their identity is no longer active, which is good news. Unfortunately, nothing prevents hackers from using another URL that has not yet been blacklisted. So do not let your guard down.
VPN software fans, beware of trapped sites. DrWeb security researchers have detected a malware campaign that relies on fake NordVPN sites to broadcast a dangerous banking Trojan, in this case Win32.Bolik.2. It is downloaded along with the real NordVPN application. It allows hackers to install a backdoor on the system and to recover, among other things, the identifiers of banking sites.
NordVPN is not the only provider whose identity is spoofed. The hacker group also spreads their malware through fake management software sites like Clip Plus or Invoice 360. Last April, the thugs hit even harder. They managed to hack the official website of the VDSC video editing software and distribute their Trojan horse through fake download links.
To protect yourself from such a trick, it is important to always check the URL of the site and the download link. It is also interesting to inspect the security certificate. If it comes from the free authority "Let's Encrypt", when it is a known brand, there is a rock eel.
