Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Two Popular VPNs Exposed Users to Attacks Via Fake Updates

Researchers analyzed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users’ devices.

Researchers analyzed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users’ devices.

VPNpro, a company that specializes in analyzing and comparing VPN services, analyzed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.

The analysis revealed that PrivateVPN and Betternet VPNs were vulnerable to these types of attacks. Both vendors were notified in mid-February and they have released patches that should prevent attacks.

“The most important part of the fix is that they don’t accept unverified update files anymore. Since we were intercepting only update network requests, the issue no longer exists,” VPNpro told SecurityWeek.

The analysis revealed that PrivateVPN, Betternet, TorGuard and CyberGhost allowed an attacker to intercept the connection, and the VPN connected while being intercepted. However, only PrivateVPN and Betternet downloaded a fake update, and PrivateVPN even executed the update automatically. Betternet did not automatically execute the update, but prompted the user to update the app, which in many cases would also likely lead to execution of the fake update.

According to VPNpro, a man-in-the-middle (MitM) attacker could have intercepted the targeted user’s VPN connection and pushed a fake software update. In the most likely scenarios, the attacker convinces the victim to connect to a malicious Wi-Fi network in a public location, or they somehow gain access to the target’s router.

Advertisement. Scroll to continue reading.

The malicious software update could have unleashed a piece of malware on the victim’s device. This includes ransomware or malware designed to steal sensitive information, abuse the compromised device for cryptocurrency mining, or add the device to a botnet.

Related: Android VPNs Introduce Security, Privacy Risks: Study

Related: No Patch for VPN Bypass Flaw Discovered in iOS

Related: Iranian Hackers Exploited Enterprise VPN Flaws in Major Campaign

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.