• Fake X-VPN installers found to spread credential-stealing malware

    From TechnologyDaily@1337:1/100 to All on Wed Jun 10 10:45:24 2026
    Fake X-VPN installers found to spread credential-stealing malware: here's how to stay safe

    Date:
    Wed, 10 Jun 2026 09:30:44 +0000

    Description:
    Researchers found a trojanized X-VPN installer used to deploy STX RAT
    malware. X-VPN itself was not breached, and only attacker-hosted downloads
    are affected.

    FULL STORY
    ======================================================================

    • Fake X-VPN installer found to deploy credential-stealing malware
    • X-VPN was not hacked; only those downloading the fake app were affected
    • First targeting crypto traders, criminals widened to privacy-minded users

    A new report has uncovered an uncomfortable truth for anyone who downloads software from somewhere other than the official source: a trusted-looking app can be weaponized against you.

    Threat researchers at Cyderes have been tracking an active campaign that uses a fake X-VPN installer to deploy malware known as the STX RAT, which steals credentials and hands attackers remote control of an infected machine. Crucially, this is not a breach of X-VPN, a provider that has just proved its privacy credentials with an independent no-log audit. The company's official download channels were unaffected, and the only people at risk were those who installed a malicious copy from attacker-controlled sources.

    This is a stark reminder that, even if you pick one of the best VPN services around, you still need to be careful with downloads. As Google warned in its November 2025 fraud advisory, scammers are increasingly disguising malware as legitimate VPN apps to steal users' data.

    How the fake X-VPN attack works

    As Cyderes' findings show, attackers took genuine X-VPN program files and slipped in one extra malicious file named CRYPTBASE.dll, a technique called DLL sideloading.

    Because of a quirk in how Windows finds that file, the app appears to install normally while the hidden file injects the STX RAT malware straight into the computer's memory, leaving little trace for antivirus tools to catch.
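
    The following Python check is an added example, not code from the article, Cyderes or X-VPN. Windows normally looks in an application's own folder before the system directory when resolving a DLL by name, so the check lists DLLs sitting beside an executable that reuse a system DLL's name, as CRYPTBASE.dll did here. The folder name ExampleVPN and all file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def system_dll_names(system_dir):
    """Lower-cased names of the DLLs present in the Windows system directory."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.name.lower().endswith(".dll")}


def find_shadowing_dlls(app_root, system_names):
    """Return (path, sha256) for every DLL under app_root that sits beside an
    .exe and reuses the name of a system DLL (a sideloading candidate)."""
    hits = []
    for folder, _dirs, files in os.walk(app_root):
        lowered = [f.lower() for f in files]
        if not any(f.endswith(".exe") for f in lowered):
            continue  # application-directory lookup applies to the folder holding the .exe
        for name in files:
            if name.lower().endswith(".dll") and name.lower() in system_names:
                path = Path(folder) / name
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                hits.append((str(path), digest))
    return sorted(hits)


def demo():
    """Constructed layout: a fake install folder plus a stand-in system folder."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp, "System32")
        app_dir = Path(tmp, "ExampleVPN")  # hypothetical install folder
        (app_dir / "lang").mkdir(parents=True)
        system_dir.mkdir()
        for name in ("cryptbase.dll", "kernel32.dll"):
            (system_dir / name).write_bytes(b"system copy")
        (app_dir / "ExampleVPN.exe").write_bytes(b"MZ constructed")
        (app_dir / "vendor_ui.dll").write_bytes(b"vendor library")
        (app_dir / "CRYPTBASE.dll").write_bytes(b"planted copy")
        (app_dir / "lang" / "kernel32.dll").write_bytes(b"no exe beside it")
        hits = find_shadowing_dlls(app_dir, system_dll_names(system_dir))
        return [Path(p).relative_to(app_dir).as_posix() for p, _ in hits]


if __name__ == "__main__":
    print(demo())  # on Windows, pass r"C:\Windows\System32" as system_dir
```

    A hit is a lead for review, not a verdict: some applications legitimately ship their own copies of system-named libraries, so compare the file's signature and hash with the vendor's release.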

    Once active, STX RAT can harvest saved browser passwords and session tokens, collect system information, run commands remotely, and talk to its servers over ordinary encrypted web traffic, so it blends in. The fake VPN was one of 11 malicious packages tied to the operation, alongside trojanized installers for Binance, Bybit, MetaTrader 5, Exodus, and Steam.

    The campaign began by targeting cryptocurrency traders, then pivoted to a trojanized X-VPN package to reach privacy-conscious users who often handle sensitive credentials. The same malware spread earlier through a brief compromise of the CPUID website, which Kaspersky linked to more than 150 victims across several countries and industries.

    To its credit, X-VPN responded quickly, releasing Windows version 77.5.3 with hardened DLL loading controls. Users of the X-VPN app should update to that version or later.

    How to avoid fake VPN apps

    The good news is that the single most effective defense here is also the simplest and requires no technical skill. Most of these attacks fall apart the moment you refuse to download software from anywhere other than the official source.

    Use the vendor's own website or an official app store, and avoid installers from third-party repositories or links sent to you. In this campaign, the files lived in an unknown Bitbucket repository.

    There have been other cases of criminals using a fake free VPN to spread malware, so treat suspiciously cheap apps as a red flag.

    Type the address yourself rather than clicking ads or search results, which avoids look-alike sites.

    Keep software updated and run reputable security software for an extra layer of protection. Because STX RAT runs in memory and tries to evade detection, a modern antivirus or endpoint tool gives you an extra layer of protection alongside good download habits.

    If you think you installed a fake VPN, assume your passwords and sessions may be exposed. Change important passwords from a clean device, sign out everywhere, and turn on two-factor authentication.

    A VPN is a valuable privacy tool, but only when you install the genuine article from a source you can trust.



    ======================================================================
    Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/fake-x-vpn-installers-found-to-spread-credential-stealing-malware-heres-how-to-stay-safe


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)