05-12-2020 , 11:57 AM
Quote:Our research reveals that vulnerabilities in PrivateVPN and Betternet Windows apps can allow hackers to push fake updates and install malicious programs or steal user data
With the ability to push users to install fake updates, the hacker can install any program on a user’s computer or do a variety of malicious things, including:
stealing personal data and selling it on the black market
making bank payments with the victim’s computer
secretly mining for crypto
adding the device to a botnet
locking the computer with ransomware
leaking the victim’s stolen pictures, videos, recordings and messages online
We notified Betternet and PrivateVPN about the vulnerability on February 18. Betternet and PrivateVPN were able to verify issues and got to work immediately on a solution to the problem we presented.
Both sent us a version to test, which PrivateVPN rolled out on March 26. Betternet released their patched version on April 14.