The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.

Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...