The templates change, but the bait remains the same: a package in storage. The goal is to make the user enter sensitive data on a fake site to steal it and activate a subscription.
Cybercriminals spread malware via fake websites of popular software
Doctor Web: Cybercriminals spread malware via fake websites of popular software: the latest episode saw a copy of the official NordVPN website hosting the dangerous banking trojan Win32.Bolik.2
Cybercriminals are spreading malware via fake websites of popular software. The activity was detected by Doctor Web cyber security experts, who found a dangerous banking trojan, Win32.Bolik.2, being spread by a copy of the official website of NordVPN, a famous VPN service. According to researchers, the malware campaign that uses these fake websites is primarily targeted at English-speaking audiences and was launched on August 8, 2019. In addition, at the end of June this year, the same hacker group copied the websites of office programs: invoicesoftware360[.]xyz (the original is invoicesoftware360[.]com) and clipoffice[.]xyz (the original is crystaloffice[.]com), where the Win32.Bolik.2 trojan was distributed together with the Trojan.PWS.Stealer.26645 malware. Win32.Bolik.2 is an improved version of Win32.Bolik.1 and has the qualities of a multicomponent polymorphic file virus. It can perform web injections, intercept traffic, log keystrokes and steal information from different bank-client systems.
The cyber security experts: Earlier this year, there was another malware campaign from the same cybercrime group, in which they distributed Win32.Bolik.2 through a hacked video editing software website: VSDC
Earlier this year, the cyber security experts reported another malware campaign from the same cybercrime group, in which they distributed Win32.Bolik.2 through a hacked video editing software website: VSDC. The malicious hackers hijacked download links on the website, causing visitors to download the dangerous banking trojan Win32.Bolik.2 and Trojan.PWS.Stealer (KPOT stealer) along with the editing software. The latter is a trojan that steals information from browsers, Microsoft accounts, several messengers and some other programs. The VSDC developers were notified about the threat, and the download links were restored to the originals. However, it remains a mystery which group is behind the two campaigns, or whether different crews cooperated to reach their goals.