Cyber criminals recently developed a web server for Nord VPN and two office applications
Scientists say the result is an attempt to harm visitors through the Win32.Bolij.2 Trojan Bank.
The flagship website NordVPN, Nord-vpnclub, launched on August 8, attracted thousands of visitors this month, Dr.Web
It was released on August 19 on the company’s website. [The website is well known
Same format, color and layout as well as current website, nordvpn.com. It also has a valid SSL certificate.
The website tries to get visitors to download the program contained in Poliz 2 scientists. Webb
Please note that the trojan description is a new version of Win32.Bolik.1 with several bugs.
And injection on the web, closing of traffic, closing of key clippings and possibility of theft of data from various bank
The attackers copied a similar plan in June
Website for 360 corporate and crystal accounting systems
Create a business / office application. This is what Dr. Said Webb
This task is not limited to boliz.2, Trojan.BWSSetStealer .26645.
Also known as snake information.
In April last year, Dr. The site of the same cybercrime group
Hacking and using websites with VDSC video editing software
Links to Bolij.2 and KPOT Stealer for malware distribution. In addition
However, the new campaign did not require, for example, the demolition of the site.
The attackers simply created a fake site.