Bladabindi Backdoor Trojan Hidden in VPN Installer
Users installing Windscribe VPN from third-party sites run the risk of installing a backdoor. At first glance the installer looks legitimate, but in reality the software is bundled with a trojan that allows hackers to gain access to the computer. The fake installer for Windscribe VPN contains the Bladabindi backdoor. Bladabindi is able to execute remote commands, log keystrokes, take screenshots, and collect information about the computer, including antivirus software and passwords stored in browsers.
Researchers at Trend Micro discovered the fake installer on third-party download sites. The installers on Windscribe's official download center or from Google Play or Apple's App Store aren't affected. Some users download applications from third-party sites because they are cheaper or free. These third-party sites don't always have legitimate software; sometimes hackers bundle the legitimate file along with malicious files into the installer. These installers include legitimate icons to make the packages look legitimate. Users who download such packages are unlikely to notice that there may be something wrong with them.
When the installer is executed, it installs the Windscribe VPN but also runs a file in the background that downloads malware from a website. Since the file runs in the background, the victim is not aware of it. Bundling malware with legitimate applications is a popular way to infect devices. Trojans are used by hackers to create backdoors to devices or company networks. The malicious Windscribe VPN installer contains the Bladabindi remote access Trojan. The Bladabindi backdoor allows hackers to access and remotely control infected computers without proper authentication.
To avoid becoming another victim, don't download applications from unknown sources. Only download apps from official sites. Compare the website's URL against the domain name of the application's official website. Check app stores' domain names the same way, as shown in the website's URL. Check for misspellings and look out for similar domain names. Don't download applications sent from unknown email addresses, since these may be phishing emails. Don't click on links contained in emails. Check a link in an email by hovering over it first to get a preview of the link's URL and see where it leads before clicking.
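The URL checks described above can be automated before a download is allowed. The following is an added example, not taken from the original article or from Trend Micro: the allowlist entry windscribe.com, the function names and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the vendor domains you trust; confirm them from the vendor's own documentation.
OFFICIAL_DOMAINS = {"windscribe.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_download_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'untrusted' for a download link."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "official.com@other.host" resolves to other.host.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "untrusted"
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            # The right name over plain HTTP can still be tampered with in transit.
            return "official" if parts.scheme == "https" else "untrusted"
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]
        for label in host.split("."):
            # Conservative choice: the brand is plain ASCII, so any punycode label is flagged.
            if label.startswith("xn--"):
                return "lookalike"
            # Brand embedded in another name, or a near-miss spelling of it.
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://windscribe.com/download",
        "https://windscribe.com@downloads.example/setup.exe",
        "https://windscrlbe.example/setup.exe",
    ):
        print(classify_download_url(sample), sample)
```

Only an "official" result should be allowed through; "lookalike" is worth reporting because it imitates the brand, while "untrusted" simply means the host is not on the allowlist.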