Tainted VPN installers are used to deliver monitoring software called EyeSpy as part of a malware campaign launched in May 2022.
It uses “components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iran-based VPN service, via trojanized installers,” Bitdefender said in an analysis.
A majority of the infections are believed to have originated in Iran, with smaller detections in Germany and the US, the Romanian cybersecurity firm added.
According to snapshots taken via the Internet Archive, SecondEye claims to be commercial surveillance software that can act as a “parental control system or an online watchdog”. As of November 2021, it was on sale for between $99 and $200.
It has a variety of features that allow it to take screenshots, record microphones, log keystrokes, collect files and saved passwords from web browsers, and remotely control the machines to run any command.
SecondEye previously came under scrutiny in August 2022, when Blackpoint Cyber revealed that unknown threat actors were using its spyware engines and infrastructure for data and payload storage. The initial access mechanism used in those incidents is currently unknown.
Bogdan Botezatu, director of threat research and reporting at Bitdefender, told The Hacker News that despite using the same spyware components, there is insufficient evidence to link the two activities to a single campaign.
The latest chain of attacks begins when an unsuspecting user downloads a malicious executable from 20Speed VPN’s website, suggesting two plausible scenarios: either 20Speed VPN’s servers hosting the installer were breached, or it is a deliberate attempt to spy on people who may be downloading VPN apps to bypass internet outages in the country.
Once installed, the trojanized installer starts the legitimate VPN service while at the same time secretly launching a series of nefarious activities in order to establish persistence and download next-stage payloads that collect personal data from the host.
“EyeSpy is capable of completely compromising online privacy through keylogging and stealing sensitive information such as documents, images, crypto wallets and passwords,” said Bitdefender researcher Janos Gergo Szeles. “This can lead to full account takeovers, identity theft and financial loss.”
Is RKill malware?
What is RKill for? RKill is a program developed at BleepingComputer.com that attempts to kill known malware processes so your regular security software can then run and rid your computer of infections.
Is RKill free?
Free software for security seekers. RKill is specialized software that can be used to notify users of suspected malware and delete it once found.
Is BleepingComputer a safe bet?
Overview. Bleeping Computer has a consumer rating of 4.39 stars from 18 reviews, indicating that most customers are generally satisfied with their purchases. Bleeping Computer ranks 25th among tech support sites.
Who owns BleepingComputer?
Lawrence Abrams is the Editor-in-Chief and owner of BleepingComputer.com. Lawrence’s areas of expertise include security, malware research, ransomware, and computer forensics.
Is BleepingComputer.com legit? Bleeping Computer is a website covering technology news and offering free computer help through its forums, created by Lawrence Abrams in 2004. It publishes news that focuses heavily on cybersecurity, but also covers other topics such as computer software, computer hardware, operating systems, and general technology.
Where is BleepingComputer located?
It is a community dedicated to providing free original content consisting of computer help and tutorials, where you can discuss computer or technology issues with your peers and learn the basics about computers and technology. BleepingComputer was founded in February 2004 in Melville, New York.
Who is Lawrence Abrams?
Lawrence Abrams is a PhD student at the University of California, Davis, specializing in modern British history with an emphasis on Scottish ethnic, national and imperial history. His dissertation examines ideas of Union and changing expressions of Scottish identity in political, military and cultural arenas.
Is RKill good?
RKill is completely safe to use, although some antivirus tools flag it as malicious, according to its VirusTotal report.
Is Malwarebytes.com safe? Yes, Malwarebytes is safe. It has a decent virus scanner, real-time protection that offers multiple layers of protection against malware, system vulnerabilities, and online threats, and a browser extension that provides additional protection against phishing and malicious websites.
Is Malwarebytes malware?
Malwarebytes (formerly Malwarebytes Anti-Malware, abbreviated MBAM) is anti-malware software for Microsoft Windows, macOS, ChromeOS, Android and iOS that finds and removes malware.