Corporate security provider SonicWall has - together with Microsoft - discovered the distribution of a fake version of its VPN. This is concerning news for anyone using this VPN, as rather than protecting your privacy as you would expect, it may in fact, be exposing you.
If downloaded in error, the VPN client steals the login credentials and other information, sending the data to the hacker's server. It's a firm reminder that it is always best to stick to providers that you'll find on our list of the best VPN services, as you know that these are safe, tried, and tested.
While this tool isn't as well known as the likes of NordVPN or ExpressVPN it is one that you might find yourself protected by at in the workplace, college, or at a healthcare provider. But even if it is useless as a gaming VPN, SonicWall is an important piece of software in certain corporate scenarios.
Consequently, this has certain implications for how you choose and use VPN software. After all, you don't want to end up using a fake VPN client that diverts your username and password into the hands of cybercriminals.
What did SonicWall do about it?
Collaborating with Microsoft (SonicWall is typically found on Windows networks), SonicWall issued an advisory note explaining how the malware stole data.
"Additional code was added to send VPN configuration information to a remote server with the IP address 132.196.198.163 over port 8080. Once the VPN configuration details are entered and the "Connect" button is clicked, the malicious code performs its own validation before sending the data to the remote server. Stolen configuration information includes the username, password, domain, and more."
How does this affect non-corporate VPN users?
On the face of it, this is a problem that the IT guys where you work, or at your uni, can sort out with some patching. While that may be the ultimate solution, the attack vector is one that should concern everyone who uses a VPN.
In short, if you're not getting your VPN client from the official website or via the approved outlet (such as the App Store, Google Play, etc.) then you risk installing a fake. As this incident has demonstrated, scammers are readily able to put up a fake website to spoof people into downloading malicious scamware.
So, if you're using a VPN, stick to official sources. If you don't, but you're thinking of keeping your connection private, choose a VPN that is designed for consumers - something like NordVPN.
If you want to use a VPN for a specific game, read our Warzone VPN guide or our Minecraft VPN guide. Both are filled with lots of useful insights and perspectives.
English
Arabic
French
Spanish
Portuguese
Deutsch
Turkish
Dutch
Italiano
Russian
Portuguese (Brazil)
Greek