...ers searching for legitimate VPN software. The campaign deploys Hyrax malware bundled within functional installers, allowing credential theft to proceed while the software operates normally. The use of SEO manipulation to surface malicious installers above legitimate results is an established initial-access technique, effective against corporate environments where VPN tooling is routinely downloaded by IT staff. GitHub distribution adds perceived legitimacy and bypasses reputation-based filtering. According to this report, the primary target is enterprise VPN credentials, which enable network-layer access without exploiting perimeter vulnerabilities.