Skip to main content

Do you use Pirate Chick VPN? Then you're in big trouble

Image credit: Shutterstock

Two security researchers have uncovered malware that pretends to be a legitimate VPN service. 

According to Lawrence Abrams from Bleepingcomputer and the team from Malwarehunter, Pirate Chick VPN (PirateChickVPNUpdate.exe) downloads and installs a malicious payload (vpnclientupdate.exe) on the victim’s computer. There was no Android version offered.

The provider had a genuine-looking website and even offered a three-month trial without the need to give away your credit card details to lure its targets. 

The site, which is now offline, was identified back in January 2019 by URLHaus as hosting the AZORult malware, with strong Russian connections; the site is registered in Belarus, Minsk, Kirova street.

A cursory glance at Google cache shows that the site claimed to have a no-log policy and 120 locations in 32 countries.

The executable was signed by a four-year old British company called ATX International Limited which is registered in London and currently has an active proposal to strike off entry. Bleepingcomputer has a detailed explanation of how Pirate Chick VPN runs; the malware is distributed via fake Adobe Flash players (popular on illegal streaming sites) and adware bundles.

It is likely that the threat posed by this fake VPN provider was nipped early in the bud as neither, nor Alexa or Similarweb have witnessed any significant activity around the URL.

Desire Athow

Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology in a career spanning four decades. Following an eight-year stint at where he discovered the joys of global techfests, Désiré now heads up TechRadar Pro. He has an affinity for anything hardware and staunchly refuses to stop writing reviews of obscure products or cover niche B2B software-as-a-service providers.