SonicWall has issued an important alert about a dangerous fake version of its VPN software, NetExtender. This software is normally used by people to safely connect to their office, school, or private networks from outside. But in this case, hackers created a copy of the software that looks almost the same as the original, and used it to steal login information from users.

The fake version that’s causing trouble is based on NetExtender version 10.3.2.27. It works like the real one, so most people wouldn’t notice anything unusual. But behind the scenes, it secretly collects personal details like usernames, passwords, and VPN settings. These details are then sent to a remote server controlled by the hackers.

What makes this even more serious is how the attackers made the fake software seem trustworthy. They used a fake company name, CITYLIGHT MEDIA PRIVATE LIMITED, to make it look like it came from a real business. The program was also designed in a way that skips normal security checks. This means the computer doesn’t warn the user that the software is fake, which makes it more likely someone would install and use it without realizing the risk.

The hackers shared this fake version through websites that looked just like SonicWall’s official download pages. People searching online for “NetExtender download” might have landed on these look-alike sites by mistake. If they downloaded from there, they likely installed the harmful version of the app.

Once the fake NetExtender is installed, it runs normally on the surface. It connects users to their networks just like the real version would. But at the same time, it silently sends login information to the hackers’ server without the user knowing. With this stolen data, hackers can try to break into office systems, personal accounts, or company files that are meant to be private.

This problem was discovered by SonicWall’s cybersecurity team with help from Microsoft’s security experts. As soon as they realized what was happening, they acted quickly to fix it. The fake websites were taken down, and the digital signature used to trick users was blocked. Both companies also updated their security tools so that the fake software could be detected and stopped if it appears again.

SonicWall shared important signs that companies and IT teams can look for to find out if any of their computers have been affected. These signs include specific files and unusual internet connections that the fake software might create. If found early, the problem can be removed before it causes more damage.

If you’ve used NetExtender recently or installed it from anywhere other than SonicWall’s official website, it’s a good idea to take action. First, uninstall the version you downloaded. Then, change your VPN login password as soon as possible. It’s also smart to run a full antivirus scan to check for any other hidden threats.

To stay safe in the future, always download software directly from the official SonicWall website sonicwall.com or mysonicwall.com. Avoid using search engine links or third-party websites, especially for security tools. If you’re not sure whether a download is safe, it’s better to ask your IT department or a trusted expert before installing it.

You should also enable two-step login for your VPN if it’s available. This means even if someone gets your password, they can’t log in without your second form of approval, like a code sent to your phone. It’s a simple but effective way to protect your data.

This incident is a strong reminder that even trusted tools can be turned into traps if you’re not careful about where you get them from. Hackers are using smarter tricks than ever to fool users. By being a little more cautious, you can avoid big problems and keep your systems safe.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news