0 0
Read Time:2 Minute, 6 Second

If you search the name 20Speed on Twitter, you will see that it has been suggested many times by different people as a tool to bypass filtering; One of the same models of VPNs that could be purchased with a Shatab card. Now, Bitdefender has reported that the Windows version of this VPN comes with spyware.

This VPN uses the tool of another Iranian company called SecondEye to spy on its users. The SecondEye website is out of reach, but this group had previously produced software to monitor people’s systems and sold it between $99 and $200.

Now, by adding codes related to SecondEye in the VPN installation phase, 20Speed has made it possible for itself to spy on users without their knowledge; From stealing files on the system and sending them to its own servers to using a keylogger to record everything the user types.

Checking the statistics of 20Speed website shows that it has had more than 900,000 visits in the last three months. Its Android application has more than 100,000 installs on Google Play. All this shows that we are dealing with a group that has probably taken a lot of victims so far

The current Windows version of this VPN (9.2) comes with spyware, but Bitdefender was able to detect spyware codes during installation until version 8.9. My guess is that they have been spying on people for at least more than a year. Of course, this collection has been operating since 2015

🟢 EyeSpy – Iranian Spyware Delivered in VPN Installers

🔴 bitdefender researchers have identified a campaign that misused the legal surveillance program SecondEye to spy on 20Speed VPN users.

The SecondEye program, which is a legal program for monitoring parents and employees, was developed in Iran.

In this campaign, by abusing this program, they turned it into a spy program called EyeSpy. When the victim installs VPN, he also installs this malware on his system.

Most of the victims of this campaign are in Iran, but some cases were also identified in Germany and America.

Malware has the ability to steal sensitive information such as: stored passwords, cryptocurrency wallet information, documents and images, information stored in the keyboard, and pressed keys (keylogger).

apk files available on our Telegram channel



This information can cause financial and moral losses (including blackmail, etc.).

If you use 20Speed VPN service, be sure to delete it from your system. Change passwords for sensitive sites.

Server : 20Speed.dynu.net
Port : 443
Secret : eef4359a9b325ff1d1e5084df0e0f7537b676f6f676c652e636f6d

Tab to set : Connect to Proxy

About Post Author

Treadstone 71

@Treadstone71LLC Cyber intelligence, counterintelligence, Influence Operations, Cyber Operations, OSINT, Clandestine Cyber HUMINT, cyber intel and OSINT training and analysis, cyber psyops, strategic intelligence, Open-Source Intelligence collection, analytic writing, structured analytic techniques, Target Adversary Research, cyber counterintelligence, strategic intelligence analysis, estimative intelligence, forecasting intelligence, warning intelligence, threat intelligence
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

By Treadstone 71

@Treadstone71LLC Cyber intelligence, counterintelligence, Influence Operations, Cyber Operations, OSINT, Clandestine Cyber HUMINT, cyber intel and OSINT training and analysis, cyber psyops, strategic intelligence, Open-Source Intelligence collection, analytic writing, structured analytic techniques, Target Adversary Research, cyber counterintelligence, strategic intelligence analysis, estimative intelligence, forecasting intelligence, warning intelligence, threat intelligence