1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • SonicWall warns of fake VPN apps stealing user logins and putting

    From TechnologyDaily@1337:1/100 to All on Wed Jun 25 17:30:06 2025
    SonicWall warns of fake VPN apps stealing user logins and putting businesses at risk - here's what we know

    Date:
    Wed, 25 Jun 2025 16:23:00 +0000

    Description:
    SonicWall has issued an advisory after spotting spoofed VPN clients that
    steal configurations and credentials.

    FULL STORY ======================================================================SonicWal l is warning hackers are distributing malicious VPN software NetExtender is being modified and distributed through fake websites The malicious software steals credentials and VPN configurations

    Hackers have been spotted spoofing the SonicWall NetExtender SSL VPN client and distributing it through bogus webpages which mimic the official SonicWall site.

    SonicWall and Microsoft Threat Intelligence (MSTIC) spotted the trojanized application and issued an advisory to warn users against downloading the fake software.

    As NetExtender is used as a remote access VPN client, stolen VPN
    configuration data and VPN credentials can put both employees and businesses at risk of compromise. Spoofed VPN client distributed through fake website

    The fake VPN client is signed by "CITYLIGHT MEDIA PRIVATE LIMITED," giving it a limited level of authenticity which can fool some low level cyber protections.

    The file was distributed using SEO poisoning and malvertising techniques which can make the fake website appear above the authentic site, especially
    in sponsored results. (Image credit: SonicWall)

    Therefore, SonicWall has reminded users to only download software from legitimate sources, in this case, sonicwall.com and mysonicwall.com.

    In the research conducted by SonicWall and MSTIC, they found two modified binaries of their product being distributed by the fake website;
    NEService.exe which was modified to bypass digital certificate checks; and NetExtender.exe was modified to steal the configuration data and credentials. (Image credit: SonicWall)

    When all the necessary details are entered and the user clicks connect, the data which includes username, password, domain, and more, is extracted and sent to a remote server controlled by the hackers.

    Both SonicWalls and Microsofts cybersecurity tools can now detect the malicious software, but other third party software may not yet be configured to detect the files. Its always a good idea to consult the best antivirus software to protect your devices from modified software and malicious files. You might also like The best malware removal can dislodge dodgy files Protect your credentials with the best password manager 2024 saw a surge in malicious free VPN apps



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/sonicwall-warns-of-fake-vpn-apps-steali ng-user-logins-and-putting-businesses-at-risk-heres-what-we-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)