Jump to content
  • Massive Fake Website Campaign Spreading Malware detected

    alf9872000

    • 328 views
    • 2 minutes
     Share


    • 328 views
    • 2 minutes

    Security researchers have detected a big malware campaign that is using fake websites to impersonate popular products and brands to spread malware. So-called typosquatting attacks register domain names that resemble the domain names of legitimate products. Many times, only a single character is different, added or removed from the domain name.

     

    While observant Internet users may spot the fake site by looking at the domain name, many rely on visual elements of the site instead to judge its authentiticy.

     

    The campaign uses at least over 200 typosquatting domains to impersonate 27 brands, including TikTok, Figma, PayPal, SnapChat, APK Pure, Google Wallet or Microsoft Visual Studio Code.

     

    Originally detected by cyber-security firm Cyble, the company believed that the campaign was targeting Android primarily by creating fake sites to download Android APK files. Our colleagues over at Bleeping Computer discovered that the campaign extends beyond Android, as it targets brands in software, cryptocurrency and other niches as well.

     

    Even popular open source programs, such as Notepad++, Thunderbird or Tor Browser, are among the impersonated brands. Some domain names look very similar to the original and most websites look like exact replicas of the original sites.

     

    The campaign spreads different types of malware. Bleeping Computer found the info-stealing malware Vidar Stealer on a fake Notepad++ site, and the Agent Tesla keylogger and RAT on a site impersonating the Tor Project website.

     

    The malicious sites are spread using various methods, including by email, by accidental typos from users, and other means, which may include via chat messages, social sites or by SMS.

     

    Most sites should be blocked in modern web browsers by now. An attempt to open them in a browser should display a security warning. There is the chance, however, that new sites are created that are not yet blocked.

     

    The main protection against these type of sites is to check the address of the site before interacting with it. It takes just a second or two to check the URL of the site and determine whether it is the real site or not. If users do not know the real domain, they may use search engines to find the right homepage. Sometimes, local data may also help in identifying the correct website.

     

    It is also a good idea to avoid clicking on any links in emails and on social sites.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...