Cybersecurity company Trend Micro reports that these compromised installers are obtained outside of official sources. Basically, if you didn’t get it from Windscribe’s website, Google Play Store or Apple App Store, there’s a chance that the installer you got is unsafe. While the compromised installer installs the real Windscribe VPN, it also sneaks in a backdoor during the process.
This particular backdoor can do the usual things like downloading, executing and updating files, as well as take screen shots. In addition to those though, this particular backdoor is able to gather information like the name of the machine it’s infecting, the OS, and any antivirus it is running. That last one potentially makes the backdoor even harder to get rid off. This serves as another reminder to only download software from their official sources. Normally, the whole point of using a VPN is to keep your online experience safe. But if you download an infected installer, you’ll end up getting the opposite instead. (Source: Trend Micro)