Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign. A majority of the infections are said to originate in Iran, with smaller detections in Germany and the U.S.