Fake Proton VPN sites are pushing NWHStealer malware to Windows users

📅 28 April 2026 at 09:59 UTC📰 Cyber InsiderView original source ↗

A newly uncovered malware campaign is leveraging fake Proton VPN websites, alongside gaming mods and utility tools, to distribute a Windows infostealer known as NWHStealer. According to Malwarebytes, which documented the activity, attackers rely on a mix of deceptive websites, open platforms like GitHub and SourceForge, and even YouTube videos, some of which are AI-generated, … The post Fake Proton VPN sites are pushing NWHStealer malware to Windows users appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

NWHStealer malware is being distributed through fake Proton VPN sites, gaming mods, utility tools, and other platforms, targeting Windows users for sensitive data theft.

⚙️Technical Details

Affected Systems

Windows

Attack Vectors

Deceptive websitesGitHub and SourceForgeYouTube videos (including AI-generated)Free web hosting platforms (e.g., onworks[.]net)

💥Impact Assessment

Severity: critical

Who Is at Risk

Windows usersSeverity: critical

🛡️Recommended Actions

1Avoid downloading software from unofficial sources or links in YouTube descriptions

2Verify file signatures and check publisher information before installation

3Stick to official vendor websites for software downloads

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed