A fake VPN going by the name of Pirate Chick VPN has been installing malicious payloads, including the AZORult password-stealing Trojan.
Its real purpose, however, has been revealed: to connect you to a remote server that installs malware on your device.
Bleeping Computer, which analyzed the software, reported: “This is a Trojan that pretends to be a legitimate VPN software, but in the background downloads and installs a malware payload on a victim.”
During the installation process, Pirate Chick VPN has been delivering a payload into the %Temp% folder of Windows machines with the intent to steal passwords. Once the VPN is installed, it becomes apparent that the signup screen is broken and merely replicates the appearance of a legitimate VPN.
If you have downloaded or installed Pirate Chick VPN, check your device’s running processes for ImmunityDebugger, Fiddler, Wireshark, Regshot, or ProcessHacker; these are all executed by the embedded Trojan.
You should also check for %Temp%\wohsm.exe, as this is the executable file masking the AZORult Trojan. Pirate Chick VPN is also said to have distributed itself via fake Adobe Flash Player and adware bundles, so even those who have never visited its website may be affected.
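The two checks described above, written as a PowerShell triage script. This is an added example, not code from the article or from Bleeping Computer; the function names are hypothetical, and it assumes each user profile keeps its Temp folder in the default AppData\Local\Temp location.

```powershell
# Added triage example; not from the article. Run from an elevated prompt so
# other users' profile folders are readable.
$PayloadName  = 'wohsm.exe'   # file name given in the article
$ProcessNames = 'ImmunityDebugger', 'Fiddler', 'Wireshark', 'Regshot', 'ProcessHacker'

function Get-TempPayloadHit {
    param([string]$FileName)
    # Assumption: every profile uses the default Temp path (AppData\Local\Temp).
    # Checking only the current user's %Temp% can miss a copy under another account.
    $dirs = @($env:TEMP)
    $dirs += Get-CimInstance Win32_UserProfile |
        Where-Object { -not $_.Special } |
        ForEach-Object { Join-Path $_.LocalPath 'AppData\Local\Temp' }
    foreach ($dir in ($dirs | Sort-Object -Unique)) {
        $path = Join-Path $dir $FileName
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $f = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path     = $f.FullName
                Created  = $f.CreationTime
                Modified = $f.LastWriteTime
                Bytes    = $f.Length
                SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

function Get-NamedProcessHit {
    param([string[]]$Names)
    foreach ($proc in Get-CimInstance Win32_Process) {
        $base = [IO.Path]::GetFileNameWithoutExtension($proc.Name)
        # Prefix match so differently suffixed executable names are still caught.
        if ($Names | Where-Object { $base -like "$_*" }) {
            [pscustomobject]@{
                Name = $proc.Name; ProcessId = $proc.ProcessId
                ParentProcessId = $proc.ParentProcessId
                Started = $proc.CreationDate; Path = $proc.ExecutablePath
            }
        }
    }
}

$files = @(Get-TempPayloadHit -FileName $PayloadName)
$procs = @(Get-NamedProcessHit -Names $ProcessNames)
$files | Format-List
$procs | Format-Table -AutoSize
"Payload files found: $($files.Count); listed processes running: $($procs.Count)"
```

The script covers only the file name and process names listed in the article, so an empty result does not replace the full scan recommended below. Record the SHA256 and timestamps of any hit before removing the file.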
If you have installed Pirate Chick VPN, you should run a full virus scan immediately and eliminate any trace of it that you can find. A full system restore from a backup point that you are satisfied with, taken before the installer was downloaded, would be a surefire way to eliminate the problem.
Incidents like this are, unfortunately, common. Simon Migliano, Head of Research at Top10VPN.com, said: “As VPN use becomes more popular and enters the mainstream, we will continue to see an increase in malicious and, as in this case, outright fake VPNs hoping to take advantage of unsuspecting users.
“While not every free VPN will infect you with a Trojan, many will harvest your browsing data or at the very least, leave your privacy poorly protected while they serve you intrusive ads.”
This was corroborated by a report from the Commonwealth Scientific and Industrial Research Organisation (CSIRO), which suggested that up to 40% of free VPNs inject malware into your device. This can take the shape of intrusive ads or spam emails, but can also include hacking into important online accounts.
As these scams take on the appearance of greater reliability and professionalism, customers should be extra wary of the threat of these fake VPNs. Migliano advises: “No matter how slick and convincing a VPN might appear, it’s absolutely imperative to do your research before using any VPN service […] Be wary of anything that looks too good to be true. In this case, three months’ free with no credit card is clearly a red flag.”