Bad VPN Website Issues Malware

Tuesday, December 17, 2013 @ 06:12 PM gHale

Virtual Private Networks (VPNs) can protect data, and more and more people want to use the service to ensure a safe operating environment.

But there is a site out there called aquavpn(dot)com, an anonymously registered site that says it offers a VPN service called AquaVPN, said researchers at Malwarebytes.

Beware: Faux Antivirus Domain Sites
Automated Hacking Tools Visit Login Pages
Malware Targets SAP Users
Chrome Search Leads to Malware

At first glance, it may look like it may be a legitimate service provider, but in reality, it has been set up to distribute a piece of malware designed to steal information from infected computers.

The malware ends up loaded onto systems when visitors try to click on key buttons. That’s when they’re told to run a Java applet in order to connect to AquaVPN.

If the applet ends up executed, two files drop into a directory on the hard drive. One of the files is a keylogger, which logs every key the user taps on, and the other one is where the stolen information ends up stored.

The faux site “lists various aspects of doing something that sounds a bit technical to the average end-user: ‘loading initial database server,’ ‘loading environment variable workspace,’ ‘parsing data to server and initiating VPN countries,’” said a Malwarebytes blog.

“All very impressive, until you realize both the rundown of what is happening and the green scrolling ‘something is happening’ bar underneath are both GIF image files hosted at another website called secure-jar(dot)com.”

Click here for additional details.

Leave a Reply

You must be logged in to post a comment.