Sonicwall has issued an advisory that informs customers that a malicious version of its sonicwall SSL VPN NETEXTENGER APP is being used to step vpn configuration and credit. The company warns that Threat actors have modified two files use by the NetexTender VPN Application, which is used by Several Organizations to Allow Remote users to second network. Microsoft and sonicwall has taken measures to block the spread of the modified versions of the netextender application.
Sonicwall Netextender VPN Application was digitally signed by Threat actors
In a security advisory Issued earlier this week, sonicwall said that it detected the modified version of the Netextender SSL VPN Application in Collection with Microsoft Threat Intelligence (MCCIC). The malicious version of the app was hosted on a website that allowed users to download the trojanised version of the latest release, version 10.3.2.27.
The Netextender Application Files Modified by the Threat Actor
Photo credit: sonicwall
According to the company, the threat actors digitally signed the trojanised version of the Netextender App, which allowed it to bypass secure checks on windows. It was signed using a digital certificate issed to “Citylight Media Private Limited”.
If a user downloaded the fake version of the sonicwall Netextender vpn app, it would install two modified applications, “Neservice.exe” and “Netextender.exe”. The threat actor’s changes to the neservice.exe allowed them to bypass the digital certificate checks performed when the app is loaded.
Meanwhile, the modified Netextender.exe Application Would Collect Details About The User’s VPN Configuration, Including Their Username, Password, Domain, and other information. These would be sent to a remote server on the user clicked the Connect Button.
Sonicwall has updated its malware detection tool and will automatically block the MALICIOUS SOFTWARE AFTER AFTER AFTER AFTER AFTER SOTWARE AFTER SOFTWARE SOFTWARE SOFTWARE SOFTWARE SOFTWARE SOFTWARE SOFTWARE SOTWARE SOFTWARE SOFTWARE SOTWARE SOFTWARE SOFTWARE SOTWARE SOTWARE SOTWARE SOTER NETEREF Microsoft’s Windows Defender Software will also detect the trojanised version of the app, which is categorized as “Silentroute” Trojan (“Trojanspy: Win32/SilentRoTe.a”))
The digital certificate used to sign the installer has also been revosed, and the companies worked to take down the websites that were beyed used to impersonate the Netexteed VPN application. Meanwhile, sonicwall has urged users to download the application from its website inste instead of using third party sources.
For the latest tech news and reviews, follow gadgets 360 on XFacebook, Whatsapp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, Follow our in-House Who’Shat360 on Instagram and YouTube.
Google Pixel 10 Tipped to Pack Larger Battery Than Pixel 9; May offer faster charging
