Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
Fox News

Malicious apps posing as VPNs can turn your device into a tool for cyberattacks

Virtual private networks (VPNs) are important if you care about your data and privacy. They create a secure, encrypted connection between your device and the internet, hiding your IP address and ...
Hosted on MSN

Google issues official warning that VPN scams are on the rise – here's how to avoid them

Google has issued a new warning about the rise of malicious VPN apps and extensions, calling them a growing tactic used by cybercriminals to harvest sensitive data. In its latest Fraud and Scams ...
Hosted on MSN

Google tells all UK Android users to delete app in serious warning

Android phone users are being told to delete a popular app immediately after Google issued a stark warning. Google is warning Android users over fake VPN apps that sneak malware onto phones and ...