Hackers cloned NordVPN website to drop banking trojan

The malware campaign was discovered by Dr. Web, which detailed how hackers have been using the Bolik banking trojan against unsuspecting users.


If there was one reason consumers distrusted online marketplaces in the old days, it was “not getting what you see.” Although Amazon has stepped in to fill that trust gap, it goes without saying that black hat hackers have found new ways of scamming users.


In the latest case, Doctor Web has discovered that hackers have been spreading malicious programs disguised as legitimate software, one of them being NordVPN.

The campaign entices users through a very simple scheme. The hackers created a website that looks exactly like NordVPN’s original website, so users at nord-vpn[.]club are tricked into believing that they’re browsing the legitimate site. From there, they download the same program that the original site offers. The catch is that along with the original program, a banking trojan called Win32.Bolik.2 is downloaded as well.
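A defender-side check for the lookalike-domain trick described above, as an added example that is not from Doctor Web or the original article: it flags hostnames in DNS or proxy logs that contain a protected brand name once separators are stripped but that do not belong to the brand's official domain. The `OFFICIAL` map, the three-field log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: brand -> official registrable domains. Extend per brand you protect.
OFFICIAL = {"nordvpn": {"nordvpn.com"}}

# Constructed sample resolver log (timestamp, client, queried name). The
# lookalike entry is kept defanged as on the page; refang() accepts both forms.
SAMPLE_LOG = """\
2024-01-01T10:02:11Z 10.0.0.12 nordvpn.com
2024-01-01T10:02:40Z 10.0.0.31 nord-vpn[.]club
2024-01-01T10:03:05Z 10.0.0.12 downloads.nordvpn.com
2024-01-01T10:04:17Z 10.0.0.44 example.org
"""

def refang(host):
    """Normalize a hostname, undoing [.] defanging."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")

def impersonated_brand(host):
    """Return the brand a hostname imitates, or None if unrelated or official."""
    labels = refang(host).split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should use the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    for brand, domains in OFFICIAL.items():
        if registrable in domains:
            continue  # genuine site or one of its subdomains
        # Strip hyphens and other separators so "nord-vpn" compares as "nordvpn".
        if any(brand in re.sub(r"[^a-z0-9]", "", label) for label in labels[:-1]):
            return brand
    return None

def flag_queries(log_text):
    """Return (client, hostname as logged, brand) for each lookalike query."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, host = parts
        brand = impersonated_brand(host)
        if brand:
            hits.append((client, host, brand))
    return hits

if __name__ == "__main__":
    for client, host, brand in flag_queries(SAMPLE_LOG):
        print(f"{client} queried {host}: imitates {brand}")
```

Substring matching after separator stripping catches hyphen insertion and brand-as-subdomain tricks, but not character substitutions or misspellings; those need an edit-distance or homoglyph check on top.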



The hacker behind Bolik banker worm is back. This time the malware is distributed via fake sites pretending to be NordVPN, Invoicesoftware360 and Clipoffice. Article: https://t.co/1ZJK5BdV4F IOCs: https://t.co/Q9b9ECrZxu


— Ivan Korolev (@fe7ch)