SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
Briefly

An unknown group has been distributing a trojanized SonicWall SSL VPN NetExtender application to steal credentials from unsuspecting users. Dubbed SilentRoute by Microsoft, the malicious software has been disguised to appear as version 10.3.2.27. It was found on a fake website that has since been taken down. Users searching for the legitimate application may have fallen prey to this scam via malvertising techniques. The altered installer connects to a remote server, exfiltrating sensitive VPN configuration information.
"NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said.
"The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server," Ganachari said.
Read at The Hacker News