It’s no secret that the lockdown we are experiencing has sharply increased the use of technologies that enable remote work, from web-conferencing software (Zoom knows something about that) and RDP to a surge in the use of VPNs.
Consider that NordVPN, one of the largest providers in the world, said that the use of its services has increased by 165% globally.
The scenario
It is perhaps true that the world will never be the same after the pandemic. The virus that has kept us in our homes has had a severe impact on the global business market, and its effects have undoubtedly been felt across the world economy.
In the meantime, organizations have tried to cope by deploying emergency measures quickly, in particular by asking their employees to work online from home. Unfortunately, this paradigm shift has given criminal hackers an opportunity to intensify their attacks.
Why do cybercriminals target VPNs?
Among the emergency measures taken by organizations during the COVID-19 epidemic, VPNs are, as mentioned, at the top of the list.
Adopted to protect browsing activity from prying eyes on public and private Wi-Fi connections, VPNs are also needed when someone is trying to access sites that are blocked based on the user’s geographical location. In many countries, VPN usage has skyrocketed.
In just one week (9-15 March), the use of VPNs increased by 112% in Italy, 38% in Iran and 36% in Spain compared to the previous week.
In North America, over a month of Coronavirus spread, there was an increase of 24%, 26% and 18% in Canada, the United States of America and Mexico respectively.
It is easy to see that this wildfire expansion was bound to attract the attention of criminal hackers. But how did they decide to take advantage of this new popularity to launch their attacks?
Fake VPNs
Researchers have found that criminal hacker groups are manipulating users into downloading and installing malware disguised as legitimate VPN clients.
As if that wasn’t enough, some of the VPNs available on the Chrome store, on the Android Play Store or in other places are simply a scam!
Some examples of bait sites set up ad hoc by criminal hackers:
- Domain: nordfreevpn[.]com
When a user tries to install a VPN client from this site, they end up installing the Grand Stealer malware. This malware can steal various user credentials, browser profiles (credentials, cookies, credit cards, autofill), Gecko credentials, screenshots, FTP credentials, RDP credentials, Telegram sessions, Discord software data, desktop files …
- Domain: vpn4test[.]net
Installing a VPN client from this site, by contrast, can infect users’ systems with the Azorult info stealer. The malware first generates a bot ID to uniquely identify the host machine and then communicates with its command-and-control server.
Azorult collects saved passwords, browser access credentials, cookies, history, chat sessions, screenshots, etc.
It can also download additional malware to the infected system, such as Masad stealer and Parasite RAT.
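A defender can check DNS or proxy logs for the two bait domains named above. The following is an added example, not part of the original article; the log format, sample lines and function names are constructed for illustration. It matches on DNS label boundaries, so subdomains are caught while look-alike names are not.

```python
import re

# The two bait domains named in the article, kept defanged.
DEFANGED_IOCS = ["nordfreevpn[.]com", "vpn4test[.]net"]

def refang(indicator: str) -> str:
    """Normalise a defanged indicator, e.g. 'vpn4test [.] Net' -> 'vpn4test.net'."""
    cleaned = re.sub(r"\s*\[\.\]\s*", ".", indicator.strip())
    return cleaned.lower().rstrip(".")

BLOCKLIST = {refang(i) for i in DEFANGED_IOCS}

def is_bait_domain(qname: str) -> bool:
    """True if qname is a listed domain or a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    # Test every parent suffix: a.b.c -> a.b.c, b.c, c.
    # A plain substring test would wrongly flag 'notvpn4test.net'.
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def find_hits(log_lines):
    """Return (client, qname) for each query to a listed domain.

    Assumed (constructed) log format: '<timestamp> <client_ip> <qtype> <qname>'.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, _, qname = parts
        if is_bait_domain(qname):
            hits.append((client, qname))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2020-04-01T09:12:03Z 10.0.0.15 A www.nordfreevpn.com",
    "2020-04-01T09:12:09Z 10.0.0.22 A nordvpn.com",
    "2020-04-01T09:13:41Z 10.0.0.31 AAAA VPN4TEST.NET.",
    "2020-04-01T09:14:00Z 10.0.0.40 A notvpn4test.net",
    "2020-04-01T09:14:05Z 10.0.0.41 A vpn4test.net.example.org",
    "malformed line",
]

if __name__ == "__main__":
    for client, qname in find_hits(SAMPLE_LOG):
        print(f"{client} queried bait domain {qname}")
```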
Abuse of fake VPN reviews
The Google Play Store and the Apple App Store are the two main app stores that most of us know and use almost daily now. Criminal hackers, on the other hand, enjoy exploiting them. This is especially true of the Android platform, which has the largest number of users worldwide.
Cybercriminals spread fake app reviews to push their malicious products up the rankings and get the most downloads, and they are also able to manipulate the App Store and Play Store algorithms to propagate their apps.
In recent weeks, Google has had to remove an Android app, “SuperVPN”, which had been downloaded over 100 million times and had a critical vulnerability that put users at risk of attack.
In conclusion
Once a VPN is downloaded, it becomes responsible for the data entering and leaving the devices where it is installed. Hence, you must be very careful about what you download and from where.
If you are looking for zero-cost VPN services, be careful how much you are willing to risk. This crisis could make criminal hackers more aggressive than ever, with a plethora of unsafe endpoints awaiting them.