Wednesday, September 11, 2019

Fake NordVPN Web Site Drops Banking Malware Spotted in the Wild

I've recently came across to a rogue NordVPN web site distributing malicious software potentially exposing NordVPN users to a multi-tude of malicious software further compromising the confidentiality availability and integrity of the targeted host to a multi-tude of malicious software.

In this post, I'll provide actionable intelligence on the infrastructure behind the campaign and discuss in-depth the tactics techniques and procedures of the cybercriminals behind it.

Sample malicious URL known to have participated in the campaign:
hxxp://nord-vpn.club - 192.64.119.159; 2.56.215.159

Sample malicious MD5s known to have participated in the campaign:
MD5: 3c24aa2c26e3556194ffd182a4dfaae5a41f
MD5: 7d6c24992eff0d64f19c78f05ea95ae44bc83af1
MD5: d39c320c3a43873db2577b2c9c99d9bf2bdb285c
MD5: d5ed3c70a8d7213ed1b9a124bbc1942e2b8cfeea
MD5: e89efde8ae72857b1542e3ae47f047c54b3d341a
MD5: 59f511ea1e34753f41a75e05de96456ca28f14a7
MD5: 453c428edda0fc01b306cc6f3252893fce9763a7