A new malware is in circulation that disguises itself as a VPN, bypasses Windows Defender, and enables Winos 4.0 command & control attacks. Anyone who's looking for a new VPN service needs to be vigilant so that they can avoid falling victim to this scam.
While first detected earlier this year, researchers have just completed their analysis. The team at Rapid7 (a cybersecurity solutions provider) has compiled a report on the malware, which is disguised as installers for Google Chrome and LetsVPN. If you haven't heard of it, LetsVPN is a China-based VPN service, but is open to users in North America, Australia, and Europe. It's not one that typically appears in lists of the best VPN services, and so that's a good argument for sticking to the well-known and respected providers.
What does the malware do?
You probably use a gaming VPN to encrypt your data and improve your privacy. But people that have used the wrong installer for LetsVPN and other software have opened themselves up to pretty nasty malware.
Winos 4.0 is a type of malicious software that gives remote access and control to an attacker. Capable of running from device memory rather than being installed, this type of malware can steal data from your files, shutdown and reboot the system, and be used as part of a botnet.
Rapid7 report that the threat is currently localized to China:
"Once installed, it quietly connects to attacker-controlled servers—mostly hosted in Hong Kong—to receive follow-up instructions or additional malware. While we've seen no signs of widespread targeting, the operation appears focused on Chinese-speaking environments and shows signs of careful, long-term planning by a capable threat group."
Given that "careful, long-term planning" we shouldn't rule out Winos 4.0 malware finding its way into apparently legitimate installers closer to home.
Stick to trusted VPNs
While it is good to see VPNs are available within China, they are best avoided by the rest of us. Yes, they will encrypt your data, but they are built to Chinese VPN legislation, rather than the standards used elsewhere. Installing the wrong VPN could weaken your privacy and data security, and, as we've seen, hand control of your device to an attacker.
So, keep your antivirus and malware scanning solution updated, and ensure that when you download installers for any software, you only use the official source.
If you're looking for a VPN, it's a good idea to choose one with a good reputation — NordVPN would be my top choice. It's a speedy service that works well with most games and streaming services. Using the WireGuard protocol, it encrypts your data really quickly and is an all-round great service favored by many users.
Read our Warzone VPN and Minecraft VPN guides if you're interested in using a VPN with either of these two popular games specifically.
Follow us on Google News so you can stay up to date with all the latest PC games, hardware, and VPN news. You should also join our community Discord so that you can chat with staff and readers about our stories.
Arabic
French
Spanish
Portuguese
Deutsch
Turkish
Dutch
Italiano
Russian
Romaian
Portuguese (Brazil)
Greek