Be careful if you are about to download ProtonVPN software There is a fake version of the popular VPN client that infects computers with malware designed to steal your passwords and any bitcoins you have on hand

Kaspersky researchers reported yesterday (February 18) that Russian fraudsters have copied the real ProtonVPN site at protonvpncom and posted a complete replica on protonvpn-dot-store The scammers lured victims to the fake ProtonVPN site by placing malicious banner ads on other websites

However, clicking on the big green "Get ProtonVPN Now" button in the middle of the page would download something that looked like a ProtonVPN installer but was actually an AZORult Trojan horse, a notorious information thief

"Threat actors can steal cryptocurrency from locally available wallets (Electrum, Bitcoin, Etherium, etc), FTP logins and passwords from FileZilla, email credentials, locally installed browser information (cookies WinSCP, Pidgin messenger, etc)," wrote Kaspersky's Dmitry Bestuzhev, "We designed the malware to steal authentication information

A few months ago, Bleeping Computer recalled that another (or perhaps the same) gang cloned the NordVPN website and forced people to download the Bolik banking-type Trojan

In this case, the tainted NordVPN software actually worked In yesterday's report, Kaspersky did not indicate whether the fake ProtonVPN installer worked as well

The fake ProtonVPN site is still up and running, but the big green button now directs users to a random Twitter post extolling ProtonVPN's virtues