A fake X-VPN installer is being used to drop the STX RAT malware.
Researchers observed that attackers host a tampered installer on third‑party sites. When users download the file, the trojan runs silently and harvests saved credentials. The genuine X‑VPN client was not compromised; only the counterfeit binaries are dangerous.
The episode matters because VPN users often trust any installer that carries the brand name. Credential‑stealing malware can give attackers access to corporate accounts, banking logins, and personal data. Security teams will need to tighten download vetting and educate users on official sources.
In short, the VPN itself is fine – the problem is the download runway.