Beware: S5Mark Is Malicious Software Disguised as a VPN

No one would want to be monitored or get their personal information hacked. Online privacy is a major concern for everyone. However, once you use the Internet, your online privacy is already at risk. 
You can protect your online privacy by using trusted software or apps. One type of app that is gaining popularity for protecting online privacy is the VPN, short for Virtual Private Network.
There are a lot of VPNs on the market. Some are free and some are available via flexible monthly plans. However, the danger is that some of the free VPN apps are very risky to use. Instead of protecting you from possible hackers and hiding your web traffic, some of these free VPNs do the opposite. Hackers and organizations are launching these free VPNs to gather users' information and online activity.
Recently, Bitdefender reported that the Zacinlo rootkit, a virus that has been active for years, has been hiding as a VPN service called S5Mark.

Zacinlo rootkit in S5Mark VPN

You may think that you are installing a trusted VPN service when you find it, but the truth is that the VPN service S5Mark is the Zacinlo rootkit.
What does this malware do? It enters Windows 10 systems, takes screenshots of what you are currently doing or looking at, and then sends these screenshots to its control server.
It is not clear how many systems were affected, but according to Bitdefender, most of the computers infected with Zacinlo are Windows 10 computers in the United States of America.
If you are unsure about your VPN or are trying to install a VPN, you may check some of the trusted VPNs for online privacy.

This malware is not only hiding as a VPN

According to reports, it has been active for a long time, hiding in free software and in programs that claim to improve browser performance. This malware can:

  • Give hackers access to your computer so they can inject custom JavaScript into the web pages that victims are visiting.
  • Redirect browsers so that they load other web pages in the background, in windows that are hidden on the computer.
  • Inject and force advertisements on you. As mentioned, this malware can grab a screenshot of what you are doing or looking at and send it directly to its control server.
  • Detect and disable third-party antivirus / antimalware solutions. This includes Windows Defender.
  • Hide itself and its activities on your computer by storing encrypted copies of itself on your computer.
  • Be used for click fraud. This is when it forces an ad onto a computer and the user clicks the ad. This activity can secure payments from online ad agencies.
  • Receive commands from its control server that can shut down or turn off services on your PC.

The notable thing about Zacinlo is that it has the ability to update itself. It is very flexible and can easily be upgraded to carry out more malicious and suspicious activities.
The fact that it is now hiding as a VPN is very dangerous. Users will think that they are getting the protection they need, but they are actually sending valuable information to hackers.
Bitdefender says that it cannot completely block Zacinlo once it is installed on your computer. In case there is an infection, you can stop the system scan and use the Rescue Mode of Bitdefender. This will remove the rootkit and other adware components from the system so it won’t affect your computer.

Beware of free VPNs on the market

The best solution for this is to be very vigilant when downloading software or apps. Beware of those who are offering their software or apps for free.
There are a lot of VPNs out there that offer free service only to track your information and online activities. Instead of protecting your online privacy, they do the opposite. If you are in a company or business, don’t settle for free VPNs that could affect a large number of devices and people.
Consider things like the country where the VPN service provider is operating. Beware of China-made or Chinese-connected VPNs, as they have been linked to hacking and other malicious online activities.

Third-party issues with VPNs

Aside from this, it is also better to check whether the VPN provider is connected to a third party or is outsourcing some of its data centers or servers. There is nothing wrong with outsourcing servers; however, the third party should also have a good background or have passed security and quality requirements.
Another feature that you should look for when buying or searching for a quality VPN service provider is a kill switch. This kill switch will help you terminate sessions, programs or systems if there is an accidental connection leak on the server.
Also note whether the VPN service provider is keeping logs of your sessions, activities, timestamps, and the like. Read their privacy policy very carefully. Usually, it is questionable for VPN providers to keep logs. If you want to have complete protection, no one should be keeping records of your activities, as these logs can put your online privacy at risk. We cover the privacy policy of every VPN we review on our site.
These are just some of the considerations that you should keep in mind if you are looking for the right VPN service.