Beware Pirate Chick, the fake VPN that infects your device with malware

Pirate Chick VPN

You have probably not come across a VPN called Pirate Chick VPN before. You certainly won’t find it referenced on sites like ours. That’s because there is no such VPN.

But, there is a piece of malicious software that goes by that name and purports to be a VPN. It isn’t. Instead, it is a fake VPNs which will actually download malicious malware onto your device.

All about Pirate Chick – the fake VPN

Pirate Chick VPN was first identified by Malware Hunter. They then informed Bleeping Computer which double-checked their findings and reached the same conclusions. It is currently being distributed as part of a fake Adobe update package.

This is not just any old piece of malware. Adware needs to look legitimate if it wants unsuspecting users to download it, so the people behind Pirate Chick have gone to a great deal of effort to ensure it looks kosher.

It has a website which is basic but still looks like any other VPN website (we are not linking for obvious reasons). It includes a three-month free trial and proudly states that no credit card is needed to sign up. After, that it offers extremely competitive prices with an option of a daily rate of $0.25.

But there are a few clues on the website too. They proudly state that they have 50+ servers available, but on the same page claim to have more than 120 locations. There is also an obviously fake address which places the owners of Pirate Chick in Minsk, Belarus, not exactly a country renowned for its online rights.

As Bleeping Computer also note, even the executables behind the Pirate Chick VPN download looks ok. They use a certificate signed off in the UK (not Belarus) from a UK company called ATX International Limited.

As they note, a lot of malware is linked to UK businesses at the moment. The similarities between the abbreviation in the name and the word ‘attack’ is also pretty ominous, especially when we see what Pirate Chick VPN is hiding under the bonnet.

What’s underneath Pirate Chick VPN?

When you download the Pirate Chick VPN software, it will also install a payload into a %Temp% folder. This payload will then execute without the user’s knowledge.

According to Bleeping Computer, this payload used to be AZORult, a trojan programme which was designed to steal passwords. Currently, it is a piece of process monitoring software, although this is likely to be a stop-gap before a new piece of malware is put in its place.

The payload is designed not to execute if the user is located in Russia, Belarus, Ukraine, or Kazakhstan, which gives an indication of where the people behind the malware are actually from.

It is also cleverly tailored not to execute if it detects certain processes on your device which would expose it. For everyone else, it downloads a working executive file which is saved to a file called %Temp%\wohsm.exe.

All of this happens before users even see the legitimate-looking screen inviting you to download Pirate Chick VPN.

A cautionary tale

Given what we know about the malicious software that comes uninvited with Pirate Chick VPN, it is safe to say that their VPN service is unlikely to cut the mustard if indeed it exists at all.

There are no shortage of free and fake VPNs out there that purport to offer a genuine VPN service but actually don’t. It seems highly likely that Pirate Chick VPN will fall into that category.

It could be even worse and far from securing your internet data, Pirate Chick could harvest your data in much the same way as Facebook’s infamous Onavo VPN does.

There has been a huge spike in VPN use around the world in recent years and this is something that cybercriminals and hackers are well aware of. The growing interest in VPNs offers them an opportunity and sadly there has also been a growth in fake and malicious VPNs like Pirate Chick too.

If you are planning to use a VPN or know someone who is, the best piece of advice is to tell them to do their research thoroughly before signing up and using a VPN. Comparison sites are useful places to learn about the best providers, but be aware that even some comparison sites are not all they seem.

Here at we are 100% independent and all our reviews and recommendations are based on our own experiences using these VPNs and what we think is best for our readers.

We have helped thousands of satisfied readers identify the right VPN for them and we continue to do so. Our recommended VPNs such as ExpressVPN, NordVPN, and IPVanish are highly regarded because they do what they say they will and have no unpleasant hidden surprises like Pirate Chick does.

Dodgy VPNs like Pirate Chick cause damage to the reputation of the entire VPN sector. This is why it is so important that they are exposed and more VPN don’t fall victims to malicious scams like this one.

David Spencer

Author: David Spencer

David is VPNCompare's News Editor. Anything going on in the privacy world and he's got his eye on it. He's also interested in unblocking sports allowing him to watch his favourite football team wherever he is in the world.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.

ExpressVPN deal