What’s PaladinVPN.exe (PaladinVPN)? Is it safe or a virus?

PaladinVPN.exe is a software application developed by Ledger Media Ltd that provides virtual private network (VPN) services to its users.

A VPN is used to create a secure, encrypted connection over a less secure network, such as the internet. This allows users to protect their privacy and data security while browsing online.

While investigating this VPN, I found an FBI website that wrote that this specific VPN can cause PCs to become part of a botnet. https://www.fbi.gov/investigate/cyber/how-to-identify-and-remove-vpn-applications-that-contain-911-s5-backdoors

It writes "Free, illegitimate VPN applications that were created to connect to the 911 S5 service are: MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Unaware of the proxy backdoor, once users downloaded these VPN applications, they unknowingly became a victim of the 911 S5 botnet. The proxy backdoor enabled 911 S5 users to re-route their devices through victims’ devices, allowing criminals to carry out crimes such as bomb threats, financial fraud, identity theft, child exploitation, and initial access brokering. By using a proxy backdoor, criminals made nefarious activity appear as though it was coming from the victims’ devices."

A botnet is a group of internet-connected devices, such as computers, smartphones, or IoT devices, that have been compromised and infected with malicious software, allowing a single attack source to control them remotely. Botnets are often used to carry out large-scale cyberattacks, like distributed denial-of-service (DDoS) attacks, spread spam or malware, or steal sensitive information from the infected devices.

Researched by Laura @ SpyShelter Labs