Unknown threat actors are distributing a trojanized version of SonicWall's SSL VPN NetExtender to steal user credentials through malicious software impersonating legitimate updates. The campaign involves sophisticated techniques such as fake websites, modified installation files, and abuse of digital signatures like ConnectWise Authenticode to evade detection. #SilentRoute #EvilConwi #SonicWall #ConnectWise #CredentialTheft
Key points
- Threat actors distribute a trojanized SonicWall NetExtender to steal user credentials.
- The malicious installer mimics the legitimate software and is delivered via fake websites.
- Modified components exfiltrate VPN configuration data, including username and password, to a remote server.
- Attackers abuse ConnectWise Authenticode signatures to embed malicious code without invalidating the signature.
- Phishing emails and fake AI tools on social media are used as initial infection vectors.
Read More: https://thehackernews.com/2025/06/sonicwall-netextender-trojan-and.html