SonicWall Warns of Fake VPN App Stealing Login Credentials | Sync Up

If you use a VPN to work remotely, be on the lookout as hackers are now mimicking trusted security tools to steal login credentials. We’ll cover how this attack works and how you can stay protected as we sit down and sync up with Rocket IT’s weekly technology update.
In this episode, you’ll hear more about:
- A fake security tool targeting remote workers
- How hackers are sneaking past antivirus checks
- What a VPN actually does
- Where attackers are hiding malicious downloads
- What to check before installing VPN software
Video Transcript
SonicWall, a well-known cybersecurity company, recently teamed up with Microsoft’s Threat Intelligence Center to uncover a fake version of SonicWall’s NetExtender software spreading online. It looks almost identical to the real app, but behind the scenes, it’s been modified to steal sensitive information like usernames and passwords.
To understand why this matters, let’s break down a few quick terms. A VPN, or virtual private network, creates a secure tunnel between your device and your company’s network. That means you can work from anywhere and still safely access internal files, apps, and tools, just like you would if you were in the office.
NetExtender is SonicWall’s VPN software. It’s commonly used by remote workers and IT teams to connect to their organization’s network securely. But now, hackers have created a lookalike version of NetExtender that comes with a digital signature to appear more authentic and sneak past basic security checks.
This attack works by tricking victims into downloading the fake VPN through search engine ads, spoofed websites, YouTube videos, forum posts, and even fake tech support messages. These links lead to websites that are designed to look like the real SonicWall portal but are filled with links to malicious downloads.
Once the software is installed, it waits for the user to enter their VPN login credentials. As soon as the “Connect” button is clicked, malicious code sends those credentials, along with other connection details, straight to hackers. From there, the attacker has everything they need to log into your network, move through internal systems, access files, steal customer data, or plant malware like ransomware.
To avoid falling for it, SonicWall says to only download software directly from their official websites, either sonicwall.com or mysonicwall.com. SonicWall has also updated its security tools to detect the fake NetExtender, and Microsoft is helping by updating Windows Defender to detect and block the fake app.
But not every antivirus tool will catch it right away, which makes it important to keep an eye out for red flags. So, as mentioned, be sure the site you’re downloading from is legitimate. Avoid clicking on sponsored or promoted results in search engines or social media. And check the software’s digital signature: if it’s not signed by SonicWall, don’t trust it.
The reality is that threats like this are getting harder to spot. That’s why working with a trusted IT partner, Rocket IT, can make a big difference. Rocket IT provides organizations with the tools to scan for hidden threats, monitor activity across your network, and step in immediately if something suspicious happens. To set up security policies that stop these kinds of attacks before they ever reach your team, contact us using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.
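The signature check recommended in the transcript, sketched in PowerShell as an added example (not code from SonicWall, Microsoft, or Rocket IT). Because the fake installer carries its own digital signature, a "Valid" status alone proves nothing, so the check is on who signed the file. The function name, the installer path, and the optional thumbprint pin are assumptions made for illustration.

```powershell
# Added example: check WHO signed an installer, not just that it is signed.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the vendor name must appear in the certificate's O= field.
        [string] $ExpectedPublisher = 'SonicWall',
        # Optional, stronger check: thumbprint read from a known-good installer
        # obtained from the official site. No value is given on this page.
        [string] $PinnedThumbprint
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result = [ordered]@{ Path = $Path; Trusted = $false; Organization = $null; Reason = $null }

    # Step 1: the signature must be intact and chain to a trusted root.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "Signature status is '$($sig.Status)'"
        return [pscustomobject]$result
    }

    # Step 2: read the organization (O=) from the signer certificate subject.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -match '(?:^|,\s*)O=(?:"([^"]+)"|([^,]+))') {
        $result.Organization = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
    }

    # Step 3: a valid signature from any other publisher is a failure.
    if ($result.Organization -notlike "*$ExpectedPublisher*") {
        $result.Reason = "Signed by '$subject', not $ExpectedPublisher"
        return [pscustomobject]$result
    }

    # Step 4: optional pin against a certificate you have already verified.
    if ($PinnedThumbprint -and $sig.SignerCertificate.Thumbprint -ne $PinnedThumbprint) {
        $result.Reason = 'Publisher name matches but thumbprint does not match the pin'
        return [pscustomobject]$result
    }

    $result.Trusted = $true
    $result.Reason  = 'Valid signature from the expected publisher'
    [pscustomobject]$result
}

# Usage (constructed file name):
# Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\NetExtender-installer.exe"
```

A name match is only as strong as the certificate authority's vetting, so where a known-good installer is available, pass its signer thumbprint as `-PinnedThumbprint`.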