A DNS Deep Dive into OpcJacker | WhoisXML API


A DNS Deep Dive: That VPN Service May Be OpcJacker in Disguise

Threat actors will always use the most widely used applications to make headway in their malware campaigns, even software or services meant to enhance online security. OpcJacker is doing just that—posing as a VPN software installer when it’s actually a data-stealing malware.[1]

Our OpcJacker IoC list[2] expansion analysis includes:

  • Seven additional IP addresses that played host to some of the domains identified as IoCs, three of which turned out to be malicious
  • 400+ additional domains that shared some of the IoCs’ IP hosts, 10 of which turned out to be malware hosts
  • 10,000 domains that contained the string "vpn", 12 of which were flagged as malicious
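As an added, offline illustration of the three pivots listed above (not code from WhoisXML API or the cited Trend Micro report), the following Python sketch runs the same IP-host and string-match expansion over a constructed passive-DNS table; every domain name, IP address and the keyword are assumptions, not indicators from the report.

```python
"""Offline sketch of the three DNS-pivot steps used to expand an IoC list.

Uses a small constructed passive-DNS table; no live lookups are made.
"""
from collections import defaultdict

# Constructed sample data: seed IoC domains and a toy passive-DNS table
# mapping each domain to the IPs it resolved to. Nothing here is a real
# indicator from the OpcJacker report (documentation ranges only).
SEED_IOCS = {"ioc-a.example", "ioc-b.example"}
PASSIVE_DNS = {
    "ioc-a.example": {"198.51.100.10", "198.51.100.11"},
    "ioc-b.example": {"198.51.100.11"},
    "shared-host-1.example": {"198.51.100.10"},
    "freevpn-download.example": {"198.51.100.11"},
    "unrelated.example": {"203.0.113.5"},
    "secure-vpn-client.example": {"203.0.113.5"},
}


def expand_iocs(seeds, pdns, keyword="vpn"):
    """Return (ip_hosts, co_hosted_domains, keyword_domains), each sorted."""
    # Step 1: IP addresses that hosted the seed domains.
    ip_hosts = set()
    for domain in seeds:
        ip_hosts |= pdns.get(domain, set())
    # Step 2: reverse-IP pivot -> other domains seen on those IPs.
    ip_to_domains = defaultdict(set)
    for domain, ips in pdns.items():
        for ip in ips:
            ip_to_domains[ip].add(domain)
    co_hosted = set()
    for ip in ip_hosts:
        co_hosted |= ip_to_domains[ip]
    co_hosted -= set(seeds)
    # Step 3: lure-name pivot -> any known domain containing the keyword.
    keyword_domains = {d for d in pdns if keyword in d.lower()} - set(seeds)
    return sorted(ip_hosts), sorted(co_hosted), sorted(keyword_domains)


if __name__ == "__main__":
    ips, shared, lures = expand_iocs(SEED_IOCS, PASSIVE_DNS)
    print("IP hosts of seed IoCs:", ips)
    print("Co-hosted domains to triage:", shared)
    print("Keyword ('vpn') domains to triage:", lures)
```

The three result sets are candidates for triage, not verdicts; in the report each was checked further before any domain was labelled malicious.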

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html
  • [2] https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt