Third-party VPN downloads put users at risk of Trojan attacks — here's how to avoid them

Users downloading the popular free VPN Windscribe from third-party sources are putting themselves at risk from a malicious, trojanized Windows backdoor attack, warns cybersecurity firm Trend Micro.

This particular backdoor is named ‘Bladabindi’, and once installed it can execute commands, log keystrokes, take screenshots, and collect sensitive information about the computer — including system details, programs running, and even stored passwords.

Trend Micro reports that this malware comes bundled with a legitimate Windscribe installer, and once installed it’s effectively undetectable. Also, thanks to the working Windscribe software, users are unlikely to suspect anything.

It’s important to note that Windscribe itself has no part to play in this. As one of the best VPN services, it was seemingly chosen by the attackers due to its popularity.

The bundle contains three discrete items: a genuine Windscribe installer; the malicious file ‘lscm.exe’, which facilitates the backdoor; and the malicious file’s runner, ‘win.vbs’.

When installing the legitimate VPN, Windscribe’s installation panel is also thought to hide other processes from the user’s view.

This bundling technique is a common and effective way of delivering malicious payloads. Because the user gets what they intended to download — in this case a working copy of Windscribe — most suspicions will abate after the program is running.

How to avoid Bladabindi

Getting more than you bargained for can have dire consequences, so downloading from legitimate sources where possible is always advised.

A brief search for ‘download Windscribe’ or ‘download IPVanish’ will bring up countless results from third-party repositories. Instead of putting yourself at risk from these booby-trapped bundles, always head to the website of the service provider, or a legitimate app store.

The choice to bundle this backdoor software with one of the most popular VPN apps is likely due to the fact that countless people are flocking to VPN providers to secure their sensitive data as they work from home, which seems set to be the way the world will work for at least a few more months.

However, not taking other precautions when using a VPN — or downloading one bundled with malware — can still result in breaches of data and dangerous hacks. While VPNs are certainly powerful tools to have at your disposal, they are by no means a panacea for every Internet evil lurking on the web, so while we thoroughly encourage their use, users still need to stay savvy.

Mo is eCommerce Editor at Tom's Guide. Day-to-day he oversees privacy and security content, and his product guides help his readers find the best software and products for their needs. When he's not testing VPNs, you'll find him working on his classic car or plugged into a guitar amp.