Attackers are infecting a widely used virtual private network product sold by Cisco Systems to install backdoors that collect user names and passwords used to log in to corporate networks, security researchers said.