Subj : Beware - this fake KeePass download site is just spreading malwar To : All From : TechnologyDaily Date : Fri Oct 20 2023 18:45:05 Beware - this fake KeePass download site is just spreading malware Date: Fri, 20 Oct 2023 17:36:22 +0000 Description: Scam site even has a legitimate-looking Google Ads campaign included. FULL STORY ====================================================================== Hackers are getting creative with malicious Google Ads campaigns, with a new scam spotted by cybersecurity researchers Malwarebytes meaning even more eagle-eyed visitors could fall prey and end up accidentally installing malware . Hackers were spotted distributing malware by impersonating the KeePass password manager , initially by creating a website that looks almost identical to the genuine KeePass offering, and offer a program for download that looks and feels like the genuine article. However, in this case, the program would also come with the PowerShell script associated with the FakeBat malware loader, essentially compromising the endpoint. Punycode But thats just half the work. The other half means getting people to visit the site. To do that - the crooks create malicious Google Ads. Usually, they would compromise an active Google Ads account (or buy one on the black market) and use it to set up a new campaign. When setting up this campaign, they would use Punycode to hide the malicious websites URL and make it look genuine. Punycode is an encoding standard built for internationalized domain names. In other words, it allows people to show words in ASCII that cannot be written in ASCII, bringing in non-Latin scripts (Cyrillic, or Chinese) into the Domain Name System (DNS). With Punycode, the websites true URL - "xneepass-vbb.info" would be displayed as "eepass.info". You might have not spotted it, but theres a little dot below the letter k. And thats how the threat actors get people to visit a fake site, thinking its real. Malwarebytes notified Google of the trick and the search engine giant removed the malicious campaign. However, there are other similar campaigns out there that are still active, and probably plenty more of which cybersecurity researchers arent aware. Its very important for users to be very careful when accessing sites through the search engine and always double-check the address in the URL bar. Via BleepingComputer More from TechRadar Pro Tackling malicious domains and typosquatting Here's a list of the best firewalls today These are the best endpoint protection tools around ====================================================================== Link to news story: https://www.techradar.com/pro/security/fake-keepass-download-site-used-to-spre ad-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .