{"id":208243,"date":"2025-03-10T06:11:31","date_gmt":"2025-03-10T11:11:31","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/silentcryptominer-infects-2000-russian-users-via-fake-vpn-and-dpi-bypass-tools"},"modified":"2025-03-10T06:11:31","modified_gmt":"2025-03-10T11:11:31","slug":"silentcryptominer-infects-2000-russian-users-via-fake-vpn-and-dpi-bypass-tools","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/silentcryptominer-infects-2000-russian-users-via-fake-vpn-and-dpi-bypass-tools","title":{"rendered":"SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/silentcryptominer-infects-2000-russian-users-via-fake-vpn-and-dpi-bypass-tools.jpg\"><\/a><\/p>\n<p>A new mass malware campaign is infecting users with a cryptocurrency miner named <b>SilentCryptoMiner <\/b>by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services.<\/p>\n<p>Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (<a href=\"https:\/\/github.com\/basil00\/WinDivert\" rel=\"noopener\" target=\"_blank\">WPD<\/a>) tools to distribute malware under the guise of restriction bypass programs.<\/p>\n<p>\u201cSuch software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,\u201d researchers Leonid Bezvershenko, Dmitry Pikush, and Oleg Kupreev <a href=\"https:\/\/securelist.com\/silentcryptominer-spreads-through-blackmail-on-youtube\/115788\/\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cThis plays into the hands of attackers by allowing them to persist in an unprotected system without the risk of detection.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34,418],"tags":[],"class_list":["post-208243","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/208243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=208243"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/208243\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=208243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=208243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=208243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}