If you're looking to download ProtonVPN software, be careful -- there's a fake version of the popular VPN client that infects your computer with malware designed to steal your passwords and any Bitcoin you might have lying around.
Kaspersky (opens in new tab) researchers reported yesterday (Feb. 18) that Russian miscreants had copied the real ProtonVPN site at protonvpn.com wholesale and posted an exact duplicate at protonvpn-dot-store. The crooks lured victims to the phony ProtonVPN site with malicious banner ads on other websites.
But if you clicked the big green "Get ProtonVPN Now" button in the middle of page, you'd download something that looked like a ProtonVPN installer yet was in fact the AZORult Trojan, a notorious information-stealer.
- Best VPN: Secure your connections
- The best free VPN services: Privacy on the cheap
- WireGuard will make your VPN connection much faster — here's how
"The threat actors have designed the malware to steal cryptocurrency from locally available wallets (Electrum, Bitcoin, Etherium, etc.), FTP logins and passwords from FileZilla, email credentials, information from locally installed browsers (including cookies), credentials for WinSCP, Pidgin messenger and others," wrote Kaspersky's Dmitry Bestuzhev.
Several months ago, Bleeping Computer reminded us, another (or perhaps the same) gang cloned the NordVPN website and got people to download the Bolik banking Trojan.
In that case, the tainted NordVPN software actually worked. In yesterday's report, Kaspersky didn't indicate whether the fake ProtonVPN installer did as well.
The fake ProtonVPN site is still up, but the big green button now leads you to a random Twitter post extolling the virtues of ProtonVPN.
- More: Discover the vast range of VPN uses in our comprehensive guide