Cyber Security

Hackers Use VPN Installers To Install Surveillanceware On Your Device

The consumer VPN market has seen explosive growth in the last few years due to the increasing popularity of VPN technologies. 

Users can keep their internet traffic private and anonymous with these ubiquitous utilities while avoiding restrictions or censorship on their usage of the internet.

A malware campaign that began in May 2022 involved the use of tainted VPN installers to deliver EyeSpy, a piece of surveillanceware that conducts a wide range of surveillance activities.

Technical Analysis of the Malware

It was offered for sale in November of 2021 at prices ranging from $99 to $200 depending on where you looked. A batch of processes that were observed to follow the same pattern both in the names and in the execution of the processes, were noticed by Bitdefender experts as they carried out routine analyses of detection performance.

A system name is usually based on the words sys, lib, and win, followed by a word that describes the functionality of the application, such as:-

  • bus
  • crt
  • temp
  • cache
  • init
  • 32.exe

With the help of trojanized installers, it allows attackers to access users of 20Speed VPN, an Iranian VPN service, and spy on them using the components of SecondEye.

Infections are reported to have mostly originated from the Iranian region, though there have also been small detections in the following countries:- 

  • Germany
  • The U.S.

It is claimed that SecondEye is a commercial monitoring program and it could be used as:-

  • Parental control system
  • Online watchdog

It was revealed by Blackpoint Cyber that SecondEye’s spyware modules and infrastructure have been used by unknown threat actors for the purpose of storing data and payloads in August 2022, when SecondEye previously surfaced under the radar.

It is unknown what mechanism was used in these incidents to gain access in the first place. Even though the spyware components used in both sets of activities are similar, there is insufficient evidence to link them together.

Network Security Checklist – Download Free E-Book


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

WhatsApp Secret Code Feature Lets Users Set Unique Locked Chat Passwords

WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret…

3 mins ago

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

12 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

15 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

16 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

18 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

19 hours ago