- Sonicwall’s warning hackers are distributing malicious VPN software
- Netextender is modified and distributed through false websites
- Malicious software steals credentials and VPN settings
Computer pirates have been seen falsifying the VPN client of Sonicwall Netextender SSL and distributing it through false websites that mimic the official Sonicwall site.
Sonicwall and Microsoft Menazing Intelligence (MSTIC) saw the troyanized application and issued a notice to warn users not to download the false software.
As Netextender is used as a remote access client, stolen VPN configuration data and VPN credentials can put employees and companies at risk of commitment.
False VPN client distributed through the false website
The False VPN client is signed by “Citylight Media Private Limited”, which gives it a limited level of authenticity that can deceive some low -level cyber protections.
The file was distributed using SEO poisoning techniques and evil evil that can cause the false website to appear above the authentic site, especially in sponsored results.
Therefore, Sonicwall has reminded users who only download software from legitimate sources, in this case, Sonicwall.com and MySonicwall.com.
In the research carried out by Sonicwall and Mstic, they found two modified binaries of their product distributed by the false website; Neservice.exe which was modified to avoid digital certificate verifications; and Netextender.exe It was modified to steal configuration data and credentials.
When all the necessary details are entered and the user clicks Connect, the data that includes username, password, domain and more are extracted and sent to a remote server controlled by computer pirates.
Both Sonicwall cyber security tools and Microsoft can now detect malicious software, but other third -party software is not yet configured to detect files. It is always a good idea to consult the best antivirus software to protect your modified software devices and malicious files.
