
Threat actor lures victims to malware-laden VPN page via call, text

August 29, 2024 – Published on SC Media

A social-engineering campaign targeting more than 130 U.S. companies aims to trick employees into thinking that there’s a VPN issue that needs fixing; instead, they are sent to a fake VPN page loaded with malware.

Researchers at the GuidePoint Research and Intelligence Team (GRIT) explained in an Aug. 27 blog post that the bad actor starts by calling a user on their cell phone and introducing themselves as a member of the help desk looking to fix a VPN log-in issue.

If the threat actor succeeds in tricking the user on the phone, they then send the user a link via SMS that points to a malicious site: a fake VPN page impersonating a legitimate vendor.

Since June 26, the threat actor has registered domain names that resemble the VPN technologies used by the targeted companies, the GRIT researchers noted.

“The type of social engineering used in this campaign is particularly hard to detect given that it normally happens outside of the traditional visibility of security tools, such as via direct calls to users’ cell phones and the use of SMS/text messaging,” wrote the GRIT researchers. “Unless users report receiving these types of calls or messages, the security teams might not even be aware of the attack. The threat actor can also target multiple users via this method until they successfully get a user that is susceptible to this type of attack.”
