We always talk about how VPNs are very useful applications to surf the Internet safely and bypass geo-blocks, but we also talk about the risk it can have. In this article we echo a case that demonstrates the latter that we mentioned. A group of hackers is taking advantage of a Popular VPN for sneaking viruses. We are going to tell you how they do it and, most importantly, what you should do to always be protected.
It’s about the IvacyVPN, one of the many that you can find on the Internet. What this group of cybercriminals, known as Bronze Starlight, does is use malware signed with a valid certificate used by the provider of this VPN. In this way, with that valid certificate you can bypass security measures. It will prevent an antivirus from detecting it as a threat, so it will pass as if it were legitimate software.
Valid certificate to sneak malware
These attacks will use .NET executables on the target device. They can use messaging apps to sneak ZIP files, which are going to be password protected, where the viral load goes. A security researcher MalwareHunterteamit detected that the code signing certificate was the same one used to install the Ivacy VPN.
It should be mentioned that these files will have vulnerable software of applications such as Microsoft Edge, Adobe Creative Cloud and others. These applications are susceptible to DLL hijacking. Windows will identify them as trustworthy programs and will allow the execution of malicious code.
What stands out most about all this is that it uses a code signing certificate of this VPN, Ivacy, something that has puzzled security researchers. As they indicate, VPNs are critical targets when allowing a hacker to gain access to sensitive communications and data. It is possible that this certificate was stolen, something that worries security researchers since it could mean that they have also had access to user data.
Avoid problems when using a VPN
All this leads us to recommend, once again, the use of VPNs that are reliable. On the Internet you will find many options, both free and paid. However, the truth is that not all of them are going to be safe. many times they are Created just to scam, to steal data and put users at risk. Others, on the other hand, may have vulnerabilities due to not receiving updates.
Our advice is that check very well what you are going to install. Look at comments from other users, review possible bad evaluations, read independent reports… All this will help you install a program that really helps you protect your browsing and avoid problems on the Internet. Some options like Surfshark or NordVPN are widely used and work well.
You should especially avoid the ones you don’t download from official sources or app stores like Google Play. They could be a scam and created just to scam you, to steal your data and take control of everything you do on the internet without your realizing it. It is an option that they can use for economic benefit.
In short, as you can see we are facing a new attack that uses a valid certificate of a VPN to strain viruses. This leads us to recommend, once again, that you always install guarantee services and avoid risks. But, in addition, it is convenient that you review any program you have very well, since at some point there may be vulnerabilities. It is also essential to know why the VPN is disconnecting.
