SonicWall Warns of Trojanized NetExtender Stealing User Information

SonicWall Warns of Trojanized NetExtender Stealing User Information

Posted on By CWS

SonicWall has issued an alert on a marketing campaign distributing a modified model of its NetExtender utility to steal consumer info.

An SSL VPN utility, NetExtender gives distant customers with safe entry to enterprise assets, providing file obtain and add capabilities, community drive entry, and extra.

“In collaboration with Microsoft Risk Intelligence (MSTIC), SonicWall has recognized a misleading marketing campaign to distribute a hacked and modified model of SonicWall’s SSL VPN NetExtender utility that carefully resembles the official SonicWall NetExtender software program,” the corporate introduced.

The trojanized model of the appliance was constructed utilizing the most recent NetExtender launch (model 10.3.2.27) and is digitally signed with a certificates issued for Citylight Media Non-public Restricted, SonicWall explains.

The malicious code within the modified utility was designed to fetch info associated to the consumer’s VPN configuration and ship it to a distant server.

In line with SonicWall, the menace actor modified two elements of the NetExtender installer, specifically the NeService and NetExtender executables.

Within the former, the attacker modified a operate that validates the digital certificates of NetExtender elements, in order that recordsdata could be executed whatever the validation outcomes.

The latter comprises code that prompts when the consumer clicks the ‘Join’ button, to carry out validation of the VPN configuration and ship the knowledge to the attacker’s server.Commercial. Scroll to proceed studying.

“Stolen configuration info contains the username, password, area, and extra,” SonicWall says.

Along with Microsoft, the corporate took down the impersonating web sites and revoked the installer’s digital certificates. Each have added signatures to their safety options to detect the pretend NetExtender iteration.

“It’s strongly beneficial that customers obtain SonicWall functions solely from trusted sources: sonicwall.com or mysonicwall.com,” SonicWall notes.

Associated: Doable Zero-Day Patched in SonicWall SMA Home equipment

Associated: PoC Printed for Exploited SonicWall Vulnerabilities

Associated: SonicWall Flags Two Extra Vulnerabilities as Exploited

Associated: SonicWall Patches Excessive-Severity Vulnerability in NetExtender

Security Week News Tags:, , , , , ,

Related Posts

Fraud: A Growth Industry Powered by Gen-AI Fraud: A Growth Industry Powered by Gen-AI Security Week News
377,000 Impacted by Data Breach at Texas Gas Station Firm 377,000 Impacted by Data Breach at Texas Gas Station Firm Security Week News
Vibe Coding: When Everyone’s a Developer, Who Secures the Code? Vibe Coding: When Everyone’s a Developer, Who Secures the Code? Security Week News
ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories Security Week News
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches Security Week News
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking Security Week News