Disclaimer: We sustain our work & review products through paid collaborations.
Cybercriminals Are Using Fake VPN Installers for Spreading Malware


A recent investigation by the cybersecurity platform Rapid7 uncovered a sophisticated cyberattack campaign that uses fake installers to inject Winos 4.0 malware into users’ devices.

According to Rapid7’s researchers, “Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools.” In addition, “Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware.”

Cyberattack campaign key findings

  • The cyberattack campaign was discovered in February 2025.
  • Bad actors use fake installers of services like VPNs, browsers, and optimization utilities to spread Winos 4.0 malware (an advanced malicious framework that can extract data, provide remote shell access, and execute DDoS attacks).
  • The campaign uses a memory-resident loader called Catena to evade traditional security measures.
  • When the malware is successfully injected, it stealthily connects to the attackers’ servers, primarily located in Hong Kong, to receive follow-up commands or spread additional malware.
  • This cyberattack is connected to a threat cluster called Void Arachne (also known as Silver Fox).
  • The campaign has been active throughout 2025, demonstrating a reliable infection pattern with tactical adjustments that suggest a proficient and skilled threat actor.

How to avoid being tricked into installing fake apps

Cybercriminals have become increasingly clever, using deceptive tactics that are harder to detect than ever before. To protect yourself, it’s crucial to adopt sound cybersecurity practices. One of the most important tips is to be cautious when installing new software, but this alone isn’t enough to ensure thorough protection. This is why we recommend that users get an internet security suite to efficiently prevent viruses and other cyberthreats from exploiting their devices.

How good are internet security suites?

Internet security suites are the best bet for protecting desktops, laptops, and smartphones, and this applies to both businesses and individuals. This type of software typically offers:

  • Real-time protection
  • Firewall and network security
  • Anti-phishing services
  • Web protection
  • Endpoint Detection and Response (EDR)
  • Sandbox environment
  • AI-driven detection systems
  • Automatic updates
  • VPN
  • Password manager
  • Timely notifications
Sérgio F.



©2012-2025 Best Reviews, a clovio brand – All rights reserved