Pirate Chick VPN is Secretly Spreading the AZORult Malware

Last updated July 13, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

People who are looking for a free VPN that looks legit and promising may have stepped onto the trap of a product named 'Pirate Chick VPN.' With a logo of a chick winking at you as an implied message of 'piracy protection', this product is nothing else other than a propagator of the dangerous AZORult malware, which steals sensitive user information from the infected systems. As the product is promoted by numerous adware campaigns, it has already reached out to many thousands who believed they were getting a legitimate VPN tool.

To make it look utterly convincing, the developers of the malicious VPN software have gone through the trouble of designing a beautiful modern website, adding privacy policies and user agreements, and then adding a cost to the product. The bait was a 'three-month free trial' that required no credit card, so people could grab it right away and enjoy VPN services for a full three-month time! Sounds awesome, and combined with the polishing work done by the malicious developers, a lot of people out there have gulped the lie.

Pirate Chick digital signature

Image source: bleepingcomputer.com

The downloaded executable installer is signed by ATX International Limited, which is a UK-based company. This digital signature will help avoid any alerts from AV products that may be running on the victim’s system. Upon installation, the software downloads the malicious payload which for now acts as a process monitor, using debugging tools, network packet capturing utilities, and process identifiers. The countries that are excluded from damage are Russia, Belarus, Ukraine, and Kazakhstan. Moreover, the software checks if it’s running inside a virtual box, in which case it won’t run the payload.

Pirate Chick splash

Image source: bleepingcomputer.com

For those who meet the exploitation criteria, the payload is downloaded and gets decoded according to the base64, turning it into an executable. All this happens in the background, while the user is dealing with the 'Pirate Chick' setup procedure. Once the installation is done, the users are met with a splash screen which again offers the option of trying the VPN for three months, but clicking on the button does nothing. At this point, users may realize that they didn’t get a VPN software at all, or maybe they will just ignore it and attribute the failure to a bug.

To stay protected from this type of fake products, only use VPN solutions from reputable and trustworthy vendors, and don’t install updates to software such as Adobe Flash Player from irrelevant tools that prompt you to do so. Finally, beware that there are no real and trustworthy VPN solutions that offer more than a full month of a trial period. If you want to find out which are the best among those who do, check out our list with the 15 best free-trial VPNs.

Have something to say on the above? Feel free to do so in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: