
New Malware Targets VPN Apps to Hack Devices: Here’s How to Defend Yourself

Cybersecurity researchers have identified a new backdoor capable of executing files, capturing audio and screen activity, and opening a remote shell, which lets attackers stage further attacks from the compromised machine. Known as PLAYFULGHOST, the malware is delivered through trojanized VPN software that is pushed by phishing campaigns and SEO poisoning.

PLAYFULGHOST's feature set lets it collect a wide range of data from the host. It can establish persistence in four different ways: a Run registry key, a scheduled task, the Windows Startup folder, or a Windows service. It can capture keystrokes, screenshots, audio, clipboard contents, system metadata, QQ account information, and a list of installed security products.

The malware can also perform file operations, clear Windows event logs, wipe clipboard data, drop additional payloads, and delete caches, web browser profiles, and messaging-app storage and profiles.

Malware Using Mimikatz and SEO Poisoning to Infiltrate Systems

It can additionally deploy Mimikatz, an open-source tool that extracts credentials from Windows memory; a rootkit that hides registry keys, files, and processes chosen by the threat actor; and Terminator, an open-source tool that kills security processes through a BYOVD (Bring Your Own Vulnerable Driver) attack.

In the cases observed, PLAYFULGHOST reaches a system through phishing emails that impersonate legitimate VPN providers such as LetsVPN and try to trick the recipient into downloading a trojanized build of the provider's app.

In one case, the victim was lured into opening a malicious RAR archive disguised as an image with a .jpg extension. The archive dropped a malicious Windows executable, which in turn downloaded and ran PLAYFULGHOST from a remote server. According to Google's Managed Defense team, the backdoor shares much of its functionality with Gh0st RAT, whose source code was leaked publicly in 2008.
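The lure above works because a file's extension and its real content are two different things. The following added example (not code from the article or from Google Managed Defense) sniffs the leading bytes of an attachment and flags files whose declared extension does not match, plus double extensions such as invoice.pdf.exe. The sample "attachments" are constructed header bytes, not real malware, and the signature table is a small illustrative subset.

```python
"""Flag attachments whose extension lies about their content.

Added example; the sample files below are constructed header bytes only.
"""
from __future__ import annotations

import os

# (format name, extensions that legitimately carry it, leading magic bytes).
# RAR4 and RAR5 archives both begin with b"Rar!\x1a\x07"; illustrative subset.
SIGNATURES: list[tuple[str, tuple[str, ...], bytes]] = [
    ("jpeg", (".jpg", ".jpeg"), b"\xff\xd8\xff"),
    ("png", (".png",), b"\x89PNG\r\n\x1a\n"),
    ("rar", (".rar",), b"Rar!\x1a\x07"),
    ("zip", (".zip",), b"PK\x03\x04"),
    ("pe", (".exe", ".dll", ".scr"), b"MZ"),
]

# Extensions that commonly appear as the inner part of a deceptive double extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".jpeg", ".png", ".txt"}


def sniff(data: bytes) -> str | None:
    """Return the detected format name from the leading bytes, or None if unknown."""
    for name, _exts, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def extension_mismatch(filename: str, data: bytes) -> tuple[bool, str]:
    """True if the declared extension does not match the sniffed content.

    A RAR archive named photo.jpg is the lure pattern in the article. Unknown
    content is reported but not flagged, since the table above is far from complete.
    """
    ext = os.path.splitext(filename)[1].lower()
    detected = sniff(data)
    if detected is None:
        return False, f"{filename}: unknown content, declared {ext or '(none)'}"
    allowed = next(exts for name, exts, _ in SIGNATURES if name == detected)
    if ext in allowed:
        return False, f"{filename}: {detected} matches extension"
    return True, f"{filename}: declared {ext or '(none)'} but content is {detected}"


def double_extension(filename: str) -> bool:
    """True for names like invoice.pdf.exe, where a document extension precedes the real one."""
    stem = os.path.splitext(filename)[0]
    return os.path.splitext(stem)[1].lower() in DOCUMENT_EXTS


def scan(samples: dict[str, bytes]) -> list[str]:
    """Return the names of files that fail either check, in input order."""
    return [
        name for name, data in samples.items()
        if extension_mismatch(name, data)[0] or double_extension(name)
    ]


# Constructed samples: only the header bytes matter for the check.
SAMPLES = {
    "vacation.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,    # genuine JPEG header
    "photo.jpg": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16,   # RAR5 archive posing as an image
    "LetsVPN-setup.exe": b"MZ\x90\x00" + b"\x00" * 16,     # PE header, extension matches
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 16,       # PE hidden behind a double extension
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        flagged, reason = extension_mismatch(name, data)
        flagged = flagged or double_extension(name)
        print(("FLAG " if flagged else "ok   ") + reason)
```

In a mail gateway or EDR pipeline the same check runs on the decoded attachment before the user ever sees it; on a workstation it is the reason to show file extensions in Explorer rather than trusting the icon.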

In the SEO poisoning variant, manipulated search results steer victims to trojanized LetsVPN installers. Once run, the installer drops an interim payload that retrieves the backdoor components.

PLAYFULGHOST is loaded through DLL side-loading and DLL search-order hijacking: a legitimate executable loads a malicious DLL placed alongside it, and that DLL decrypts the backdoor and loads it into memory. It has also been observed using a renamed Windows shortcut (.lnk) that concatenates the contents of several dropped files to reconstruct the malicious DLL.
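The four persistence mechanisms and the side-loading technique described above all leave traces in endpoint telemetry. The following added example (not code from the article or from Google Managed Defense) applies a few hunting rules to constructed Sysmon-style events: a well-known Windows DLL name loaded from outside %SystemRoot%, an unsigned DLL loaded from a user-writable path, a Run key pointing at a user-writable path, a file created in a Startup folder, and a schtasks or sc command that registers a task or service from such a path. Field names follow Sysmon's schema, but every value is made up, and the list of hijackable DLL names is an illustrative assumption, not an authoritative one.

```python
"""Hunt for PLAYFULGHOST-style persistence and DLL side-loading in endpoint telemetry.

Added example over constructed Sysmon-like events; field names follow Sysmon's
ImageLoad (7), FileCreate (11), RegistryEvent (13) and ProcessCreate (1) schema.
"""
from __future__ import annotations

import re

# DLL basenames that belong under %SystemRoot% and are frequent side-loading
# targets. Illustrative subset, not an authoritative list.
HIJACKABLE_DLLS = {"version.dll", "dwmapi.dll", "cryptbase.dll", "profapi.dll", "wtsapi32.dll"}
USER_WRITABLE = re.compile(r"\\(users|programdata|temp|appdata)\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
TASK_OR_SERVICE = re.compile(
    r"\b(schtasks(\.exe)?\s+/create|sc(\.exe)?\s+create|New-Service|Register-ScheduledTask)\b",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev: dict) -> tuple[str, str] | None:
    """Return (rule_name, detail) if the event matches a rule, else None."""
    eid = ev["EventID"]
    if eid == 7:  # ImageLoad
        dll = ev["ImageLoaded"]
        if basename(dll) in HIJACKABLE_DLLS and not WINDOWS_DIR.match(dll):
            return "dll_search_order_hijack", f"{ev['Image']} loaded {dll}"
        if ev.get("Signed", "true").lower() == "false" and USER_WRITABLE.search(dll):
            return "unsigned_dll_from_user_path", f"{ev['Image']} loaded {dll}"
    elif eid == 13 and RUN_KEY.search(ev["TargetObject"]):  # RegistryEvent (value set)
        if USER_WRITABLE.search(ev["Details"]):
            return "run_key_persistence", f"{ev['TargetObject']} -> {ev['Details']}"
    elif eid == 11 and STARTUP_DIR.search(ev["TargetFilename"]):  # FileCreate
        return "startup_folder_persistence", ev["TargetFilename"]
    elif eid == 1 and TASK_OR_SERVICE.search(ev["CommandLine"]):  # ProcessCreate
        if USER_WRITABLE.search(ev["CommandLine"]):
            return "task_or_service_persistence", ev["CommandLine"]
    return None


def hunt(events: list[dict]) -> list[tuple[str, str]]:
    """Run every event through check_event and collect the hits in order."""
    return [hit for ev in events if (hit := check_event(ev)) is not None]


# Constructed sample telemetry: three benign events and four that model the
# behaviour described in the article. Paths and names are invented.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Users\bob\AppData\Local\Temp\letsvpn_setup.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\version.dll", "Signed": "false"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\upd\launch.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 11, "TargetFilename": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"EventID": 1, "CommandLine": r'schtasks /create /tn "Updater" /tr C:\ProgramData\svc\run.exe /sc onlogon'},
    {"EventID": 1, "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

The rules are deliberately path-based: a Run key or scheduled task pointing into C:\Windows is ordinary, while one pointing into a user profile or ProgramData is where droppers live. Tune the user-writable pattern and the DLL list to your environment before treating a hit as more than a lead.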

Tips to Stay Safe from PLAYFULGHOST Malware

Here are a few steps that reduce the risk from this malware:

  • Familiarize yourself with common phishing techniques and verify suspicious emails by contacting the sender through a known channel before opening any links or attachments.
  • Avoid sharing personal information with untrusted websites and businesses, and download apps only from the vendor's official website, not from links shared by email or surfaced by a search engine.
  • Be cautious of any email links, especially those claiming account issues; type the company's website address into your browser yourself to make sure you land on the real site.
  • Use a unique password for each account, manage them with a password manager, and enable two-factor authentication wherever it is offered.
  • Keep your operating system and antivirus software up to date, and consider security suites that add features such as a VPN or a hardened browser.
Published by Huma Ishfaq
