• Latest
  • Trending
Malware campaign impersonates VC firm looking to buy sites

Malware campaign impersonates VC firm looking to buy sites

March 4, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Malware campaign impersonates VC firm looking to buy sites

by ITECHNEWS
March 4, 2022
in Infosec, Leading Stories
0 0
0
Malware campaign impersonates VC firm looking to buy sites

BleepingComputer was recently contacted by an alleged “venture capitalist” firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices.

Last week, BleepingComputer received an email to our contact form from an IP address belonging to a United Kingdom virtual server company.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

This email pretended to be from a venture capitalist interested in investing or buying BleepingComputer, with the whole email listed below.

“Hello, we are a group of venture capitalists investing in promising projects.
We saw your website and were astounded by your product. We want to discuss the opportunity to invest or buy a part of the share in your project. Please get in touch with us by phone or in Vuxner chat.
Your agent is Philip Bennett. His username in Vuxner is philipbennett  Make sure you contact us ASAP because we are not usually so generous with our offers. Thank you in advance!”

Writing about cybersecurity for so long, I am paranoid regarding email, messaging, and visiting unknown websites. So, I immediately grew suspicious of the email, fired up a virtual machine and VPN, and did a search for Vuxner.

Google showed only a few results for ‘Vuxner,’ with one being for a well-designed and legitimate-looking vuxner[.]com, a site promoting “Vuxner Chat – Next level of privacy with free instant messaging.”

Threat actor's Vuxner[.]com site to deploy malware
Threat actor’s Vuxner[.]com site to deploy malware

As this appeared to be the “Vuxner chat” the threat actors referenced in their email, BleepingComputer attempted to download it and run it on a virtual machine.

BleepingComputer found that the VuxnerChat.exe download [VirusTotal] actually installs the “Trillian” messaging app and then downloads further malware onto the computer after Trillian finishes installing.

Vuxner download installs Trillian
Vuxner download installs Trillian

As this type of campaign looked similar to other campaigns that have pushed remote access and password-stealing trojans in the past, BleepingComputer reached out to cybersecurity firm Cluster25who has previously helped BleepingComputer diagnose similar malware attacks in the past.

Fake Vuxner chat used to install a RAT

Cluster25 researchers explain in a report coordinated with BleepingComputer that the Vuxner[.]com is hosted behind Cloudflare, however they could still determine hosting server’s actual address at 86.104.15[.]123.

The researchers state that the Vuxner Chat program is being used as a decoy for installing a remote desktop software known as RuRAT, which is used as a remote access trojan.

“Infection chain for this campaign can be divide in a fist stage phase, where the decoy URL drops and installs a Software called “Trillian” and the second one where the installer drops a legitimate Remote Desktop Software known as RuRAT used for malicious purposes,” the Cluster25 researchers explain.

Once a user installs the Vuxner Trillian client and exits the installer, it will download and execute a Setup.exe executable [VirusTotal] from https://vuxner[.]com/setup.exe

When done, the victim will be left with a C:\swrbldin folder filled with a variety of batch files, VBS scripts, and other files used to install RuRAT on the device.

Strangely, both Cluster25 and BleepingComputer saw the RAT installation ask us to confirm the installation of the software. This prompt is a sloppy giveaway that something nefarious is happening and should cause immediate suspicion when displayed.

Asking permission to install the RAT
Asking permission to install the RAT

Cluster25 told BleepingComputer that the threat actors are using this attack to gain initial access to a device and then take control over the host.

Once they control the host, they can search for credentials and sensitive data or use the device as a launchpad to spread laterally in a network.

As you can see, threat actors are willing to create elaborate campaigns consisting of fake sites, custom installers, and targeted emails to infect their victims.

For this reason, all business owners and consumers need to be wary of any unusual emails stating that you need to download something to communicate with them.

Receiving emails like the one BleepingComputer received should automatically be seen as suspicious, and recipients should research to determine if a particular software is legitimate or not.

Simply searching and seeing a single result related to a particular program is a huge red flag indicating that the program should be avoided.

At this time, BleepingComputer is not aware of any other companies or media outlets targeted by this malicious campaign, indicating that this is a limited spear-phishing campaign.

Source: Lawrence Abrams
Via: bleepingcomputer
Tags: Malware campaign impersonates VC firm
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version