SonicWall Says Malicious NetExtender Client Used to Steal VPN Credentials

The malicious application was designed to steal a user's VPN configuration, including their username, password, domain, and other information.

Advertisement
Written by David Delima | Updated: 26 June 2025 11:44 IST
Highlights
  • SonicWall has warned customers about a malicious version of its app
  • The modified version of NetExtender was used to steal VPN credentials
  • SonicWall and Microsoft have worked to block the spread of the malware

SonicWall has urged users to download the NetExtender app from its website

Photo Credit: Pexels/ Sora Shimazaki

SonicWall has issued an advisory that informs customers that a malicious version of its SonicWall SSL VPN NetExtender app is being used to steal VPN configuration and credentials. The company warns that threat actors have modified two files used by the NetExtender VPN application, which is used by several organisations to allow remote users to securely connect to the main network. Microsoft and SonicWall have taken measures to block the spread of the modified versions of the NetExtender application.

SonicWall NetExtender VPN Application Was Digitally Signed By Threat Actors

In a security advisory issued earlier this week, SonicWall said that it detected the modified version of the NetExtender SSL VPN application in collaboration with Microsoft Threat Intelligence (MSTIC). The malicious version of the app was hosted on a website that allowed users to download the trojanised version of the latest release, version 10.3.2.27.

The NetExtender application files modified by the threat actor
Photo Credit: SonicWall

Advertisement

 

According to the company, the threat actors digitally signed the trojanised version of the NetExtender app, which allowed it to bypass security checks on Windows. It was signed using a digital certificate issued to "CITYLIGHT MEDIA Private LIMITED".

Advertisement

If a user downloaded the fake version of the SonicWall NetExtender VPN app, it would install two modified applications, "NeService.exe" and "NetExtender.exe". The threat actor's changes to the NeService.exe allowed them to bypass the digital certificate checks performed when the app is loaded.

Advertisement

Meanwhile, the modified NetExtender.exe application would collect details about the user's VPN configuration, including their username, password, domain, and other information. These would be sent to a remote server once the user clicked the Connect button.

SonicWall has updated its malware detection tool and will automatically block the malicious software after identifying it as GAV: Fake-NetExtender (Trojan). Microsoft's Windows Defender software will also detect the trojanised version of the app, which is categorised as "SilentRoute" Trojan ("TrojanSpy:Win32/SilentRoute.A")

Advertisement

The digital certificate used to sign the installer has also been revoked, and the companies worked to take down the websites that were being used to impersonate the NetExtended VPN application. Meanwhile, SonicWall has urged users to download the application from its website instead of using third party sources.

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: SonicWall, Malware, Trojan Apps, NetExtender
Google Pixel 10 Tipped to Pack Larger Battery Than Pixel 9; May Offer Faster Charging
Advertisement
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Google Pixel 10a Listed on Retailer Websites With Pricing, Colour Options
  2. OnePlus Brings Valentine's Day Deals on Tablets, Audio Products: See Offers
  3. Samsung Galaxy S26 Series Pricing, Specs Leak As Galaxy Unpacked Nears
  4. Samsung Announces Galaxy S26 Series Launch Date as Pre-Orders Begin
  5. iQOO 15R Confirmed to Launch in India Soon With This 1.5K AMOLED Display
  6. Oppo K14x 5G With 6,500mAh Battery Launched in India at This Price
  7. Google Is Reportedly Bringing Personal Intelligence to NotebookLM
  8. Nvidia GeForce Now for India Hands-On: Built to Impress
  9. Lava Bold N2 Will be Launched in India Soon in These Colourways
  10. Apple, Google to Make These Four Changes to Make App Stores Fairer
#Latest Stories
  1. Apple, Google Make Four Commitments to Improve Fairness and Transparency in App Stores
  2. Samsung Galaxy S26 Series Pricing, Full Specifications Leaked Ahead of Galaxy Unpacked Event
  3. Samsung Galaxy Unpacked Event Date Announced for New Galaxy S Series Launch; Pre-Reservations Begin
  4. NASA, SpaceX Delay ISS Mission Launch Due to Bad Weather
  5. Venus May Hide a Vast Underground Tunnel Formed by Ancient Volcanic Eruptions, Scientists Say
  6. Arc Raiders' Update 1.15.0 Adds New Event, Map Condition and Cosmetics
  7. Realme 16 Pro, Realme 15 Price in India to Be Hiked From February 11 Due to Rising Component Costs: Report
  8. Google Is Reportedly Bringing Personal Intelligence to NotebookLM
  9. Honor Magic 9 Series Tipped to Launch With Significant Battery Upgrade Over Magic 8 Models
  10. Databricks CEO Reportedly Highlights Existential Risk to SaaS Days After IT Market Crash
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.