Third-party VPN downloads put users at risk of Trojan attacks — here's how to avoid them

Users downloading the popular free VPN Windscribe from third-party sources are putting themselves at risk from a malicious, trojanized Windows backdoor attack, warns cybersecurity firm Trend Micro.

This particular backdoor is named ‘Bladabindi’, and once installed it can execute commands, log keystrokes, take screenshots, and collect sensitive information about the computer — including system details, programs running, and even stored passwords.

Trend Micro reports that this malware comes bundled with a legitimate Windscribe installer, and once installed it’s effectively undetectable. Also, thanks to the working Windscribe software, users are unlikely to suspect anything.

It’s important to note that Windscribe itself has no part to play in this. As one of the best VPN services, it was seemingly chosen by the attackers due to its popularity.

The bundle contains three discrete items: a genuine Windscribe installer; the malicious file ‘lscm.exe’ which facilitates the backdoor; and the malicious file’s runner, ‘win.vbs’.

When installing the legitimate VPN, Windscribe’s installation panel is also thought to hide other processes from the user’s view.

This bundling technique is a common and effective way of delivering malicious payloads. Because the user gets what they intended to download — in this case a working copy of Windscribe — most suspicions will abate after the program is running.
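The file names reported above give a defender something concrete to look for on a machine where a third-party copy was installed. The Python script below is an added example, not code from Trend Micro or from this article; it walks a folder tree for ‘lscm.exe’ and ‘win.vbs’, treats both in the same folder as the stronger signal, and records a SHA-256 for each hit. The folder layout built in `demo()` is constructed for illustration.

```python
import hashlib
import os
import tempfile

# File names taken from the article. A name match alone is a weak signal,
# so the scan flags a folder that holds both as the stronger finding.
INDICATORS = {"lscm.exe", "win.vbs"}

def sha256_of(path):
    """Hash a file in chunks so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root):
    """Return one finding per folder under root that holds an indicator."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        hits = {name.lower(): name for name in files if name.lower() in INDICATORS}
        if not hits:
            continue
        findings.append({
            "folder": folder,
            "files": sorted(hits),
            "both_present": set(hits) == INDICATORS,
            "sha256": {key: sha256_of(os.path.join(folder, real))
                       for key, real in hits.items()},
        })
    return findings

def demo():
    """Build a constructed folder tree (placeholder files only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        bundle = os.path.join(root, "Temp", "bundle")
        other = os.path.join(root, "Scripts")
        os.makedirs(bundle)
        os.makedirs(other)
        samples = [(bundle, "LSCM.EXE"), (bundle, "win.vbs"), (other, "win.vbs")]
        for folder, name in samples:
            with open(os.path.join(folder, name), "wb") as handle:
                handle.write(b"constructed placeholder, not malware")
        return scan(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding["both_present"], finding["folder"], finding["files"])
```

A match is only a lead for further checking, since file names are easily changed; the recorded hashes can be handed to whoever investigates the machine.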

How to avoid Bladabindi

Getting more than you bargained for can have dire consequences, so downloading from legitimate sources where possible is always advised.

A brief search for ‘download Windscribe’ or ‘download IPVanish’ will bring up countless results from third-party repositories. Instead of putting yourself at risk from these booby-trapped bundles, always head to the website of the service provider, or a legitimate app store.

The choice to bundle this backdoor software with one of the most popular VPN apps is likely due to the fact that countless people are flocking to VPN providers to secure their sensitive data as they work from home, which seems set to be the way the world will work for at least a few more months.

However, not taking other precautions when using a VPN — or downloading one bundled with malware — can still result in breaches of data and dangerous hacks. While VPNs are certainly powerful tools to have at your disposal, they are by no means a panacea for every Internet evil lurking on the web, so while we thoroughly encourage their use, users still need to stay savvy.

Mo Harber-Lamond
VPN Editor

Mo is VPN Editor at Tom's Guide. Day-to-day he oversees VPN, privacy, and cybersecurity content, and also undertakes independent testing of VPN services to ensure his recommendations are accurate and up to date. When he's not getting stuck into the nitty-gritty settings of a VPN you've never heard of, you'll find him working on his Peugeot 205 GTi or watching Peep Show instead of finally putting up those shelves.