- SonicWall warns that hackers are distributing malicious VPN software
- NetExtender was modified and distributed through fake sites
- The malicious software steals credentials and VPN configurations
Hackers have been observed counterfeiting the SonicWall NetExtender SSL VPN client and distributing it through fake websites that mimic the official SonicWall site.
SonicWall and Microsoft Threat Intelligence (MSTIC) discovered the trojanized application and issued an advisory warning users against downloading the fake software.
Since NetExtender is used as a remote access VPN client, stolen VPN configuration data and credentials can put both employees and companies at risk of compromise.
Spoofed VPN client distributed via fake website
The fake VPN client is signed by “Citylight Media Private Limited”, giving it a limited level of authenticity that can fool some low-level cyber protections.
The file was distributed using SEO poisoning and malvertising techniques that can cause the fake site to appear above the authentic site, especially in sponsored results.
That's why SonicWall has reminded users to only download software from legitimate sources, in this case sonicwall.com and mysonicwall.com.
In the research conducted by SonicWall and MSTIC, two modified binaries of the product were found being distributed by the fake site: NeService.exe, which was changed to bypass the digital certificate check, and NetExtender.exe, which was changed to steal configuration data and credentials.

When all the necessary details are entered and the user clicks, the data, which includes the username, password, domain and more, is sent to an external server controlled by the hackers.
Both SonicWall's and Microsoft's cybersecurity tools can now detect the malicious software, but third-party software may not yet be configured to detect the files. It is always a good idea to consult the best antivirus software to protect your devices from altered software and malicious files.
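
The signing detail above matters in practice: the fake client carries a signature, just not the vendor's, so a check that only asks "is it signed?" will pass it. The PowerShell function below is an added example, not code from SonicWall or Microsoft; it checks who signed a downloaded installer as well as whether the signature validates. The function name, its parameters and the expected publisher value are assumptions supplied by the caller.

```powershell
# Added example: verify the signer identity of a downloaded installer.
# $ExpectedPublisher is an assumption; take it from a copy obtained
# directly from the vendor's own site.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,
        # Signer the article names on the fake client.
        [string[]]$KnownBadPublisher = @('Citylight Media Private Limited')
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Simple name of the certificate subject; empty when the file is unsigned.
    $publisher = if ($cert) {
        $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    } else { '' }

    # String comparisons here are case-insensitive by default in PowerShell.
    $verdict = if ($sig.Status -ne 'Valid') {
        'Reject: signature missing or invalid'
    } elseif ($KnownBadPublisher -contains $publisher) {
        'Reject: signer reported on the trojanized client'
    } elseif ($publisher -ne $ExpectedPublisher) {
        'Reject: validly signed, but by an unexpected publisher'
    } else {
        'Accept: valid signature from the expected publisher'
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Publisher  = $publisher
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Verdict    = $verdict
    }
}

# Usage (both values are placeholders):
# Test-InstallerPublisher -Path .\installer.exe -ExpectedPublisher '<publisher on vendor copy>'
```

A "Valid" status with an unexpected publisher is the case described in this article, which is why the function reports it separately from an unsigned or tampered file.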



