Protect your PC

Hackers Copy NordVPN’s Website to Spread Bank Trojan

Users Hoped for Security, Ended Up with Malware

Cyber criminals have found an effective way to distribute malicious software, and users are none the wiser. By copying the popular VPN (virtual private network) website for NordVPN, users believe they are using something that is meant to boost their security. Instead, they are downloading a bank trojan.

Now, one may think they cannot be dupped by a fictitious website but these hackers are good. Not only did they replicate the site entirely, but they also added a valid SSL certificate, which helps the fake website appear more legitimate while also allowing it to bypass browser security checks.

Tricky? Yes, yes indeed.

What is a VPN?

As mentioned earlier, a VPN is a virtual private network. However, that still doesn’t exactly state what it does. Take a firewall, for example, that helps to protect your data on your computer. A VPN does the same but does so online. By utilizing a VPN, users are able to securely access a private network and share data on public networks.

Don’t Fall Victim

The best way to avoid these scams is two-fold. First, when you visit a website, type the URL into the address bar instead of searching for the URL on a search engine. Often times, even if they are malicious, websites will show up in the search results. For instance, if you wanted to go to, type in in the browser’s address bar. Do not go to and search ESPN. Granted you’ll likely go to the correct place, but you also may end up on a spoofed site. So, searcher beware.

Also, deploy a security solution that uses an application whitelist. By running a whitelist, only known trusted programs are permitted to execute. Therefore, if you find yourself somewhere you shouldn’t be — the malware still cannot run, because it has not been tested and proven secure.

 5,939 total views,  2 views today

(Visited 1 times, 1 visits today)

6 thoughts on “Hackers Copy NordVPN’s Website to Spread Bank Trojan”

  1. I also have NordVPN and the NordVPN Security Team addressed this issue in their blog post dated August 20, 2019.

    Nord VPN’s blog entitled “A Scam Impersonating NordVPN You Need To Know About” by Daniel Markusen. This article addresses the following issues:

    1) How This Scam Works
    2) What We’re Doing To Fight This Scam
    3) How To Protect Yourself From Similar Scams
    4) How To Make Sure Your NordVPN App is Legit?

    Here also is the direct link to the NordVPN article:

    Hope this helps

    1. Hi Bill,
      PC Matic’s whitelist will only permit known trusted programs to run. Therefore, yes, it does effectively block ransomware. If you have any other questions, don’t hesitate to reach out.

      Thank you,

  2. Same here, I have NordVPN and now wonder if should uninstall it? Some communication from NordVPN would be helpful. I have PCMatic installed and hopefully will protect me. This whole thing is frustrating and confusing.

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.