A new campaign exploits the ExpressVPN brand to trick people into downloading fake installers containing Redline, a widely distributed information stealer.
Victims infect themselves by launching the malware, thinking they’re about to install the popular VPN tool, and end up losing sensitive data to cybercriminals.
The campaign was discovered by Cyble Research & Intelligence Labs researchers, who shared their findings exclusively with RestorePrivacy.
Impersonation Campaign
The ongoing brand impersonation campaign uses typosquatting domains made to appear close to ExpressVPN’s actual domain, “expressvpn.com.”
Typosquatting is a technique involving the registration of domain names that are similar to those of the impersonated brands, usually featuring additional characters or letter swaps.
Six examples uncovered by Cyble while investigating this campaign are:
ExpressVPN Clone Sites Infect Visitors with Redline Malware
restoreprivacy.com
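The typosquatting pattern described above (additional characters or letter swaps) can be screened for on the defensive side, for example in proxy or DNS logs. The following is an added example, not code from the article or from Cyble; the candidate domains are constructed on the reserved `.example` TLD, and the function names and the distance threshold of 2 are assumptions.

```python
BRAND = "expressvpn.com"  # the genuine domain named in the article

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition ("letter swap"), e.g. "se" typed for "es".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def brand_label(domain: str) -> str:
    # Assumption: the label left of the TLD is the registrable name. A production
    # check would consult the Public Suffix List (co.uk and similar suffixes).
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify(domain: str, brand: str = BRAND, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for an observed domain."""
    name = domain.lower().rstrip(".")
    if name == brand or name.endswith("." + brand):
        return "legitimate"
    label, target = brand_label(name), brand_label(brand)
    # Near-identical label (extra character, swap, other TLD) or brand embedded
    # in a longer label (extra words appended) both count as lookalikes.
    if osa_distance(label, target) <= max_distance or target in label:
        return "lookalike"
    return "unrelated"

# Constructed sample input, not indicators from the campaign.
SAMPLES = [
    "expressvpn.com", "www.expressvpn.com",
    "expresssvpn.example",       # additional character
    "exprsesvpn.example",        # letter swap
    "expressvpn-setup.example",  # brand plus appended word
    "example-news.example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} {classify(s)}")
```

A flagged domain is a lead for review, not a verdict: short brand names produce more near-matches, so the threshold should be tuned per brand.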