Beware of fake SonicWall VPN app that steals users' credentials

Unknown miscreants are distributing a fake SonicWall app to steal users' VPN credentials.

In a Monday threat intel alert, the firewall and VPN slinger said it and Microsoft spotted the info-stealing campaign, in which would-be thieves distributed a "hacked and modified version of SonicWall's SSL VPN NetExtender application that closely resembles the official SonicWall NetExtender software."

The attackers distributed a Trojanized installer of SonicWall's legitimate NetExtender 10.3.2.27, digitally signed with a fake "CITYLIGHT MEDIA PRIVATE LIMITED" certificate, via spoofed download sites.

Users would visit the spoofed sites, and then download what they believed to be the most recent version of the SonicWall VPN app. But in reality, they got a fake NetExtender that, when executed, stole all their information related to the VPN configuration — username, password, domain, and more — and sent it to an attacker-controlled remote server.

SonicWall did not immediately respond to The Register ...