What is the issue?
The latest variant of the Bolik banking trojan, dubbed ‘Win32.Bolik.2’, is distributed via a cloned NordVPN website.
More details about the banking trojan
Earlier, the Win32.Bolik.2 trojan was distributed via the website of the free multimedia editor VSDC. Now, the operators behind the banking trojan have switched tactics and create website clones to distribute it.
“The hacker behind Bolik banker worm is back. This time the malware is distributed via fake sites pretending to be NordVPN, Invoicesoftware360 and Clipoffice,” Doctor Web malware analyst Ivan Korolev tweeted.
“The actor is interested in English-speaking victims (US/CA/UK/AU). However, he can make exceptions if the victim is valuable,” Ivan Korolev told BleepingComputer.
Capabilities of Win32.Bolik.2
“The Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus. Using this malware, hackers can perform web injections, traffic intercepts, keylogging and steal information from different bank-client systems,” Doctor Web researchers said in a blog post.