Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Foto: The Hacker News
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients
More from Security
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Related Articles
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
Apr 6
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Apr 6
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Apr 6