
Why Hackers are After VPNs During Times of COVID-19 Pandemic


As businesses use VPNs in large numbers due to the COVID-19 outbreak, hackers are attacking VPNs. Read on to know more…

The novel Coronavirus has kept us contained in our homes, gravely impacted the global business marketplace, and shattered the world economy. Various organizations are trying to stay afloat in these times by asking their employees to work online from home. This change has opened up an opportunity for hackers to target VPNs.

Opportunities for Hackers
The global lockdown due to the COVID-19 outbreak has compelled individuals and businesses around the world to use VPNs in large numbers to shield their browsing activity from prying eyes on public and private Wi-Fi connections. A VPN is also required when someone is trying to access geo-restricted sites. In many countries, VPN usage figures have skyrocketed.

Within just a week (March 9-15), VPN usage increased by 112% in Italy, 38% in Iran, and 36% in Spain compared with the previous week. In North America, there was a surge of 24%, 26%, and 18% in Canada, the USA, and Mexico, respectively, in a month of Coronavirus spread, and NordVPN claimed that usage of its services increased by 165% globally.

Virtual World of Fake VPNs
Researchers have discovered that hacker groups are manipulating users into downloading and installing malware that poses as a legitimate VPN client. Moreover, some of the VPNs available on the Chrome Web Store, the Android Play Store, or elsewhere are simply scams.

The various types of VPN baits are listed below:

Fake Nord VPN Site
Domain: nordfreevpn[.]com

When a user attempts to install a VPN client from this site, the user ends up installing Grand Stealer malware.

Capabilities: Stealing various user credentials and cryptocurrency wallets, browser profiles (credentials, cookies, credit cards, autofill), Gecko credentials, screenshots, FTP credentials, RDP credentials, Telegram sessions, Discord software data, and desktop files.

Fake VPN4Test Site
Domain: vpn4test[.]net

Installing a VPN client from this site can load users’ systems with the Azorult infostealer instead. The malware first generates a bot ID to uniquely identify the host machine and then communicates with its C2 server.

Capabilities: Harvests saved passwords, browser login credentials, cookies, history, chat sessions, screenshots, cryptocurrency wallets, etc. It may also download additional malware onto the infected system: Azorult downloads and executes two additional pieces of malware, Masad stealer and Parasite RAT.
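For defenders, the two lure domains listed above can be turned into a simple check over DNS or proxy logs. The following is an added example, not part of the original article: it refangs the article's indicators and flags queries for those domains or their subdomains, matching on a label boundary so unrelated look-alike strings are not flagged. The log format, timestamps and client addresses are constructed for illustration.

```python
import re

# Defanged indicators exactly as listed in the article.
DEFANGED_IOCS = {
    "nordfreevpn[.]com": "fake NordVPN site (Grand Stealer)",
    "vpn4test[.]net": "fake VPN4Test site (Azorult)",
}

def refang(indicator):
    """Turn a defanged domain (example[.]com) back into a plain hostname."""
    return indicator.replace("[.]", ".").strip().lower()

IOCS = {refang(k): v for k, v in DEFANGED_IOCS.items()}

def match_ioc(qname):
    """Return the indicator if qname equals it or is a subdomain of it."""
    name = qname.strip().lower().rstrip(".")  # DNS names are case-insensitive
    for domain in IOCS:
        # Label-boundary match: "x.vpn4test.net" hits, "notvpn4test.net" does not.
        if name == domain or name.endswith("." + domain):
            return domain
    return None

# Constructed log format: "<timestamp> <client-ip> <queried-name>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def scan(lines):
    """Return (timestamp, client, qname, indicator, label) for each hit."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        ts, client, qname = m.groups()
        domain = match_ioc(qname)
        if domain:
            hits.append((ts, client, qname, domain, IOCS[domain]))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2020-04-02T09:14:07Z 10.0.0.21 nordvpn.com",
    "2020-04-02T09:15:44Z 10.0.0.34 NordFreeVPN.com.",
    "2020-04-02T09:16:02Z 10.0.0.34 download.vpn4test.net",
    "2020-04-02T09:17:30Z 10.0.0.52 notvpn4test.net",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit identifies the client that looked up the lure site, which is the host to check for the credential-stealing malware described above.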

Fake VPN Reviews
The bigger a platform gets, the more complex it gets. Google’s Play Store and Apple’s iOS App Store are the top two stores that many of us enjoy using. Hackers, on the other hand, enjoy exploiting them. This is especially true for the Android platform, which has the largest number of users around the world.

• Adversaries spread fake app reviews to rank their apps so that they can get maximum downloads.
• They also manipulate the App Store and Play Store algorithms to propagate their apps.

Last week, Google kicked out an Android VPN app, ‘SuperVPN’, which had been downloaded over 100 million times and had a critical vulnerability that exposed its users to Man In The Middle (MITM) attacks.

The Road Ahead
Once you download a VPN, it is in charge of your incoming and outgoing data. So you have to be very careful about what you download and from where. Also, if you’re looking for zero-cost VPN services, research whether a free VPN is worth downloading. This crisis might make malicious actors more aggressive than before, with a plethora of unsecured endpoints waiting for them.

