Hackers Fake SonicWall VPN to Steal Corporate Logins
Hackers are distributing a fake SonicWall VPN application to steal corporate login credentials from remote users. The malicious software mimics SonicWall’s legitimate NetExtender SSL VPN app, which allows employees to securely connect to internal networks. Dubbed “SilentRoute” by Microsoft Threat Intelligence, the trojanized version tricks users into installing it, giving attackers access to sensitive data.
The spoofed installer is hosted on a fraudulent website and is digitally signed by “CITYLIGHT MEDIA PRIVATE LIMITED.” Hackers behind the fake SonicWall VPN injected malicious code into NetExtender.exe and NeService.exe. These altered files bypass digital signature checks and transmit stolen credentials, including usernames and passwords, to a remote server once users click “Connect.”
SonicWall and Microsoft have since dismantled the malicious infrastructure and revoked the fake certificate. Both companies advise users to download VPN software exclusively from official sources. SonicWall has also shared indicators of compromise to help detect the threat.
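As an added example (not from SonicWall, Microsoft, or the original article), the following PowerShell script lists NetExtender-named executables and installers, reports each file's Authenticode signer and SHA-256 hash, and flags any file signed by the publisher named above. The search paths and the file-name pattern are assumptions; the hash column is there so results can be compared against the indicators of compromise SonicWall published.

```powershell
param(
    # Assumed search locations: adjust to where installers and the VPN client live.
    [string[]]$Path = @(
        "$env:USERPROFILE\Downloads",
        "$env:ProgramFiles\SonicWall",
        "${env:ProgramFiles(x86)}\SonicWall"
    ),
    # Publisher name the article reports on the trojanized installer.
    [string]$BadSigner = 'CITYLIGHT MEDIA PRIVATE LIMITED'
)

function Get-NetExtenderSignerReport {
    param([string[]]$Path, [string]$BadSigner)

    # Assumed name pattern: the two binaries named in the article plus installers.
    $files = Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match '(?i)netextender|neservice' -and
            $_.Extension -match '(?i)^\.(exe|msi)$'
        }

    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
        $subject = ''
        if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

        # A signature that validates is not enough: the publisher must be checked too.
        if ($subject -like "*$BadSigner*") {
            $verdict = 'MATCHES_REPORTED_FAKE_SIGNER'
        } elseif ($sig.Status -ne 'Valid') {
            $verdict = 'SIGNATURE_NOT_VALID'
        } else {
            $verdict = 'REVIEW_PUBLISHER'
        }

        [pscustomobject]@{
            Verdict = $verdict
            Status  = $sig.Status
            Signer  = $subject
            SHA256  = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            File    = $f.FullName
        }
    }
}

Get-NetExtenderSignerReport -Path $Path -BadSigner $BadSigner |
    Sort-Object Verdict | Format-Table -AutoSize -Wrap
```

Rows marked `REVIEW_PUBLISHER` carry a valid signature from some other publisher; confirm that the signer shown is the vendor you expect before trusting the file.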
