Security Boulevard

How searching for a VPN could mean handing over your work login details

What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins.
Cybernews

Microsoft reveals SEO poisoning campaign that baits users into downloading fake VPN software

The malware is designed to steal the victim’s VPN login credentials. According to Microsoft, the attack uses search engine optimization (SEO) poisoning to push websites hosting the malicious VPN ...
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.
SecurityWeek

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.

Fake enterprise VPN sites used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users.