Fake VPN and office software websites spread banking trojan

Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products in an attempt to infect visitors with the Win32.Bolik.2 banking trojan, according to researchers.

Launched on Aug. 8, the fake NordVPN site, nord-vpn[.]club, has drawn thousands of visitors so far this month, Dr.Web reports in an Aug. 19 company blog post. The site is very realistic, featuring the same overall design, color schemes and fonts as the true site, nordvpn.com. It even has a valid SSL certificate.

The fraudulent site attempts to coax visitors into downloading a program that comes bundled with Bolik.2. Dr.Web researchers describe the trojan as an upgraded version of Win32.Bolik.1, noting it “has qualities of a multicomponent polymorphic file virus” and is “capable of performing web injections, traffic intercepts, keylogging and stealing information from different bank-client systems.”

The attackers launched a similar plot last June when they copied the websites of Invoice 360 Enterprise and Crystal Office Systems, both of which make business/office applications. Dr.Web s ..

