Hackers Using Malicious SonicWall VPN for Credential Theft


Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address

Akshaya Asokan (asokan_akshaya) • June 25, 2025

Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday.

A hacking campaign distributed a tweaked version of NetExtender, software that lets remote users connect to the company network and run applications on it. The threat actor behind the campaign hosted a malicious version of NetExtender 10.3.2.27, the latest version of the software, on websites impersonating SonicWall. The malware is signed by "Citylight Media Private Limited."

"The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server," the company said.
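Because the trojanized build carries a signature, checking only that a file is signed is not enough; the signer's name has to be checked as well. The following PowerShell script is an added example, not code from SonicWall or from the original article. It audits an installer file or an install directory and flags any binary whose signer is the one named above or is not the expected publisher. The `ExpectedPublisher` default is an assumption and should be confirmed against a known-good copy.

```powershell
param(
    # Installer file or install directory to audit.
    [Parameter(Mandatory)][string]$Path,
    # Assumption: substring expected in the genuine publisher name; confirm against a known-good copy.
    [string]$ExpectedPublisher = 'SonicWall',
    # Signer the article reports on the trojanized installer.
    [string]$KnownBadPublisher = 'Citylight Media Private Limited'
)

function Get-SignerVerdict {
    param([string]$File, [string]$Expected, [string]$KnownBad)

    $sig  = Get-AuthenticodeSignature -LiteralPath $File
    $cert = $sig.SignerCertificate
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { '' }

    # Order matters: a cryptographically valid signature from the wrong signer is still a finding.
    $verdict = if (-not $cert) { 'UNSIGNED' }
    elseif ($publisher -like "*$KnownBad*") { 'KNOWN-BAD SIGNER' }
    elseif ($sig.Status -ne 'Valid') { 'INVALID SIGNATURE' }
    elseif ($publisher -notlike "*$Expected*") { 'UNEXPECTED SIGNER' }
    else { 'OK' }

    [pscustomobject]@{
        Verdict    = $verdict
        Publisher  = $publisher
        Status     = $sig.Status
        Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
        File       = $File
    }
}

# Installers and installed binaries: executables, libraries and MSI packages under $Path.
$results = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
    ForEach-Object {
        Get-SignerVerdict -File $_.FullName -Expected $ExpectedPublisher -KnownBad $KnownBadPublisher
    }

$results | Sort-Object Verdict | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a scheduled task or EDR script hook raise an alert.
if ($results | Where-Object { $_.Verdict -ne 'OK' }) { exit 1 }
```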

SonicWall said developers behind the Trojanized installer modified the SonicWall executable ...


Copyright of this story solely belongs to bankinfosecurity.