Chinese Hackers Hijack VPN’s Website to Spread Malware

Chinese hackers hijacked a VPN provider’s website to spread malware to users in Asia, according to antivirus company ESET. 

In May 2024, ESET’s antivirus software flagged malware infections on Windows computers that were traced to the website of South Korean VPN company IPany.

“Upon further analysis, we discovered that the installer was deploying both the legitimate software and the backdoor that we’ve named SlowStepper,” ESET said in a Wednesday blog post. “We contacted the VPN software developer to inform them of the compromise, and the malicious installer was removed from their website.”

The page that hosted the downloads. (Credit: ESET)

It’s unclear how the hackers tampered with IPany’s website. The company didn’t immediately respond to a request for comment.

ESET warns that the compromised website contained no code to deliver the malicious installer only to specific users based on their geographic region or IP address. “Therefore, we believe that anyone using the IPany VPN might have been a valid target,” ESET says.

ESET traced the attack to a Chinese hacking group called PlushDaemon, which has been around since 2019 conducting cyberespionage in China, Taiwan, South Korea, and the US. PlushDaemon’s SlowStepper backdoor secretly communicates with the hackers’ command-and-control server. The backdoor can carry out numerous instructions, including downloading and executing additional malware, collecting a computer’s specs, and deleting specific files.

How the attack works. (Credit: ESET)

ESET adds that PlushDaemon’s attack may have helped the group spy on high-value targets. “Via ESET telemetry, we found that several users attempted to install the trojanized software in the network of a semiconductor company and an unidentified software development company in South Korea,” the company says. “The two oldest cases registered in our telemetry were a victim from Japan in November 2023 and a victim from China in December 2023.”

The incident is also a supply chain attack, in which a hacker compromises widely used third-party software to gain a way into the systems of its many users. In 2023, suspected North Korean hackers pulled off a similar scheme by compromising the 3CX voice-calling app to circulate a malicious version of the software to unsuspecting users.

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.
