14 DAY TRIAL // Virtual Private Networks (VPNs) are a great way to protect your data, and with the recent spying revelations, more and more people are turning to VPNs. However, experts warn that not all websites promising such software can be trusted.
Malwarebytes researchers have come across a website called aquavpn(dot)com, an anonymously registered site which claims to offer a VPN service called AquaVPN.
To many people, the website might look like it belongs to a legitimate service provider, but in reality, it has been set up to distribute a piece of malware that’s designed to steal information from infected computers.
The malicious element is served when visitors try to click on various buttons. That’s when they’re told to run a Java applet in order to connect to AquaVPN.
If the applet is executed, two files are dropped into a directory on the hard drive. One of the files is a keylogger, which logs every key pressed by the user, and the other one is where the stolen information is stored.
Additional technical details are available on the Malwarebytes blog.