Hackers clone ProtonVPN website to drop password stealer malware


Hackers used fake ProtonVPN installers to infect users with nasty Azorult malware.


One of the easiest ways to lure users into installing malware on their computers is to imitate legitimate websites. This is exactly what certain attackers have done by targeting ProtonVPN, as recently investigated by researchers at Kaspersky.


For the unfamiliar, ProtonVPN is a Swiss-based product by the same company that operates the very famous ProtonMail. ProtonVPN currently has more than 2 million users around the world, which makes it a lucrative target for cybercriminals.




According to Kaspersky, hackers have cloned the design of ProtonVPN’s official website (protonvpn[.]com) to drop AZORult malware through its installer file.

Snapshot of the fake ProtonVPN website:



For your information, Azorult is a RAT (remote access Trojan) that can infect any computer successfully. Azorult was previously found targeting thousands of Magento sites and spreading PayPal-themed banking malware. The same malware was caught last month spreading itself using Drake’s “kiki do you love me” song.


According to Kaspersky’s blog post, to clone the web ..
