Subj : SonicWall warns of fake VPN apps stealing user logins and putting To : All From : TechnologyDaily Date : Wed Jun 25 2025 17:30:06 SonicWall warns of fake VPN apps stealing user logins and putting businesses at risk - here's what we know Date: Wed, 25 Jun 2025 16:23:00 +0000 Description: SonicWall has issued an advisory after spotting spoofed VPN clients that steal configurations and credentials. FULL STORY ======================================================================SonicWal l is warning hackers are distributing malicious VPN software NetExtender is being modified and distributed through fake websites The malicious software steals credentials and VPN configurations Hackers have been spotted spoofing the SonicWall NetExtender SSL VPN client and distributing it through bogus webpages which mimic the official SonicWall site. SonicWall and Microsoft Threat Intelligence (MSTIC) spotted the trojanized application and issued an advisory to warn users against downloading the fake software. As NetExtender is used as a remote access VPN client, stolen VPN configuration data and VPN credentials can put both employees and businesses at risk of compromise. Spoofed VPN client distributed through fake website The fake VPN client is signed by "CITYLIGHT MEDIA PRIVATE LIMITED," giving it a limited level of authenticity which can fool some low level cyber protections. The file was distributed using SEO poisoning and malvertising techniques which can make the fake website appear above the authentic site, especially in sponsored results. (Image credit: SonicWall) Therefore, SonicWall has reminded users to only download software from legitimate sources, in this case, sonicwall.com and mysonicwall.com. In the research conducted by SonicWall and MSTIC, they found two modified binaries of their product being distributed by the fake website; NEService.exe which was modified to bypass digital certificate checks; and NetExtender.exe was modified to steal the configuration data and credentials. (Image credit: SonicWall) When all the necessary details are entered and the user clicks connect, the data which includes username, password, domain, and more, is extracted and sent to a remote server controlled by the hackers. Both SonicWalls and Microsofts cybersecurity tools can now detect the malicious software, but other third party software may not yet be configured to detect the files. Its always a good idea to consult the best antivirus software to protect your devices from modified software and malicious files. You might also like The best malware removal can dislodge dodgy files Protect your credentials with the best password manager 2024 saw a surge in malicious free VPN apps ====================================================================== Link to news story: https://www.techradar.com/pro/security/sonicwall-warns-of-fake-vpn-apps-steali ng-user-logins-and-putting-businesses-at-risk-heres-what-we-know --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .