Uncovering a Large Footprint of Fake NordVPN Sites
NordVPN is no stranger to being targeted by scammers. Over the years, we’ve seen malicious campaigns that start by luring users to a fake NordVPN site. [1, 2]
Anyone looking to subscribe to a VPN service could easily land on a fake site and get a malware infection.
WhoisXML API threat researcher Dancho Danchev looked at the underlying infrastructure of NordVPN scammers, starting with four domains identified as indicators of compromise (IoCs). His investigation uncovered:
- At least eight unredacted email addresses, found in historical WHOIS records, that were used to register the domains identified as IoCs
- 10,650+ possibly connected domains that shared the IoCs’ registrant email addresses
- [1] https://nordvpn.com/blog/nordvpn-fake-site-scam/
- [2] https://www.bleepingcomputer.com/news/security/hackers-use-fake-nordvpn-website-to-deliver-banking-trojan/