Google Warns Of Malware Campaign Using Trojanized Popular VPNs

VPN apps are becoming increasingly popular among the public. It seems that malicious actors have realized this and have incorporated them into their countless strategies to try to trick potential victims. Google is now warning about a threat that involves trojanized VPN apps and the manipulation of search results to install malware.

Google’s Managed Defense team spotted a method that tricks users into downloading VPN apps from malicious websites posing as the official ones. The VPN app is trojanized so that, once it is installed, the attackers gain a series of remote-control privileges on your PC.

Google warns of threat based on trojanized VPN apps

According to the researchers’ report, “the malware is bundled with popular applications, like LetsVPN, and distributed through SEO poisoning.” SEO poisoning is a manipulation method used by attackers to put their own websites at the top of search results. This makes users think they are accessing a legitimate website when, in fact, it is a malicious one.

Most of the time, people think that a website is more trustworthy or real if it’s higher up in search results. In this campaign, SEO poisoning is applied primarily to results related to VPN app downloads, so the first results actually lead to the download of VPNs trojanized with the “Playfulghost” malware. Playfulghost is “a backdoor that shares functionality with Gh0st RAT,” the report says.


Gh0st RAT (Remote Access Terminal) is a remote administration tool that has been around since at least 2008. So, attacks based on its tech are not exactly new. Playfulghost is similar. However, it has its own traffic and encryption patterns that make it different enough to be called a different tool.

The malware will give remote access to your PC to attackers

Playfulghost gives the attacker several ways to remotely control the infected computer. Malicious actors can open, delete, and write new files, for example. The tool can also capture keystroke logs, screenshots, and audio and send them to a remote server.

SEO poisoning is not the only trick attackers use. They also resort to classic phishing emails with links to malicious sites that serve the trojanized VPNs. There are also cases of infection through camouflaged executables: Google describes the case of a victim who opened an “image” that was actually the Playfulghost malware.
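A file presented as an image can be screened by comparing the extension it claims with its leading bytes. The following Python check is an added example, not code from Google's report; this page does not say how the “image” was disguised, so the extension-versus-content mismatch, the file names and the byte headers below are constructed assumptions.

```python
import os

# Well-known leading "magic" bytes for the formats this check cares about.
SIGNATURES = [
    (b"MZ", "pe-executable"),            # Windows EXE/DLL
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"Rar!\x1a\x07", "rar-archive"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"BM", "bmp"),
]
IMAGE_EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
                    ".gif": "gif", ".bmp": "bmp"}
RISKY = {"pe-executable", "elf-executable", "zip-archive", "rar-archive"}

def sniff(header: bytes) -> str:
    """Identify content type from the first bytes of a file."""
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return "unknown"

def check_claimed_image(filename: str, header: bytes):
    """Return (verdict, detected_kind) for a file name and its first bytes."""
    ext = os.path.splitext(filename.lower())[1]
    expected = IMAGE_EXTENSIONS.get(ext)
    detected = sniff(header)
    if expected is None:
        return ("not-an-image-name", detected)
    if detected == expected:
        return ("ok", detected)
    # Image name wrapped around an executable or archive: treat as hostile.
    return ("suspicious" if detected in RISKY else "mismatch", detected)

def check_path(path: str):
    """Same check for a file on disk; only the first 16 bytes are read."""
    with open(path, "rb") as fh:
        return check_claimed_image(os.path.basename(path), fh.read(16))

# Constructed sample headers (not taken from any real sample).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("invoice.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("photo.png", b"Rar!\x1a\x07\x00\xcf"),
    ("scan.gif", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]

if __name__ == "__main__":
    for name, header in SAMPLES:
        print(name, check_claimed_image(name, header))
```

A "mismatch" verdict (one image format named as another) is usually benign; "suspicious" is the case worth quarantining before anyone opens the file.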

Given what we’ve seen, you can’t fully trust a website’s position in search engine results to determine its legitimacy. So, when you want to download software, it’s best to type in the name of the official site. This will take you more time, but it could save you a lot of headaches.
