Adware bundles are installing a VPN software called Pirate Chick, which then connects to a remote server to download and install malicious payloads such the AZORult password-stealing Trojan.
MalwareHunter, who discovered and shared this Pirate Chick with Bleeping Computer, analysed this sample and came to the conclusion that this is a Trojan that pretends to be a legitimate VPN software, but in the background downloads and installs a malware payload on a victim.
Paul Bischoff, Privacy Advocate at Comparitech.com:
“The web is full of malicious and poorly-secured VPN apps that do the exact opposite of what users want: better security and privacy. I always caution people against using free VPNs with a rare few exceptions (my go-to free VPN recommendation is Windscribe). The fact that Pirate Chick advertises a three-month trial might make it seem more legitimate than a straight up free VPN, but according to this report, it’s one of the more insidious ones out there.
This discovery begs the question: who out there still downloads adware bundles? It’s funny to think that there are people savvy enough to understand the need for a VPN but who don’t know how to spot a fake Adobe Flash update.”