Cheana Stealer Targets VPN Users Across Windows, Linux, and macOS in Sophisticated Phishing Campaign - #Cheana
Cybersecurity researchers have identified a sophisticated phishing campaign that employs the Cheana Stealer malware to target users on Windows, Linux, and macOS platforms. The campaign utilizes a phishing site that impersonates the legitimate WarpVPN service, tricking users into downloading malicious VPN applications. This malware targets sensitive information such as cryptocurrency wallets, browser passwords, SSH keys, and macOS Keychain data, which is then exfiltrated to attackers' command and control servers. Linked to a Telegram channel with over 54,000 subscribers, the campaign initially built credibility by offering free VPN services before distributing the malware. Recommendations to mitigate the risk include downloading software from trusted sources, increasing awareness of phishing tactics, employing advanced endpoint protection, and enabling multi-factor authentication. The campaign has been active since 2018 and is suspected to have changed operators in 2021, further complicating efforts to trace and shut it down.