Site Promoting KeePass Password Manager Pushes Malware

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,093
Content source
https://www.bleepingcomputer.com/news/security/site-promoting-keepass-password-manager-pushes-malware/
A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs.

Last year, we reported that fake sites were created to promote popular software, but when we analyzed the distributed files, we found that they were pushing adware bundles on unsuspecting visitors.

These sites were promoting software such as 7zip, Inkscape, Gparted, Paint.Net, Scribus, Audacity, Stellarium, Celestia, CloneZilla, KeePass, Notepad2, UNetBootIn, Gimp, HandBrak, and many more.

One of these sites, keepass.com, was discovered again this week and it, and many of the other known sites, are still distributing malware a year later.

While many consider adware bundles more of a nuisance than actual malware, this is not true. Many of the adware bundles we see today include offers that include password stealing trojans, miners, ransomware, and backdoors.

Adware is commonly spread through fake sites that pretend to distribute cracks, warez, and legitimate software, but when users download the programs they discover that the bundles are filled with "offers" that are installed as well.

For example, keepass.com looks like a legitimate site that is promoting the KeePass password management software.

Keeepass.com Site
Click to expand...
 
  • Like
Reactions: R2D2, Fel Grossi, CyberTech and 10 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Another case that shows how important it is to try get software from it's main source, or at least from a well known. Using a domain and even https is real smart, because it will for sure lure people to download and install it.

KeePass genuine site/url.

KeePass Password Safe

KeePass is a free open source password manager. Passwords can be stored in an encrypted database, which can be unlocked with one master key.
keepass.info keepass.info
 
  • Like
  • Wow
  • Applause
Reactions: Fel Grossi, CyberTech, scot and 7 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
upnorth said:
Another case that shows how important it is to try get software from it's main source, or at least from a well known. Using a domain and even https is real smart, because it will for sure lure people to download and install it.

KeePass genuine site/url.

KeePass Password Safe

KeePass is a free open source password manager. Passwords can be stored in an encrypted database, which can be unlocked with one master key.
keepass.info keepass.info
Click to expand...

I honestly don’t understand why people download software from anywhere but the developer’s site, if they have one. Or from official links from dev’s to their github etc. Generally just googling (or whatever search you use, though in this case google is good at filtering) will show the developer’s site first.
 
  • Like
  • +Reputation
Reactions: CyberTech, bjm_, Nestor and 1 other person
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
upnorth said:
Sadly the url/site is shown as number 5 in a Google search. Google can easy eradicate this kind of sites, if they want.
3sMILyNR_o.png
Click to expand...

That is unfortunate, however personally I’d be checking the hits higher up first. Most people could use to research what they’re downloading first. But, a company such as google should have already filtered this junk out by now. I didn’t go that far down the list when I peeked.

Also, even legitimate sites can be compromised. That’s why I wish more companies would publish checksums.
 
  • Like
Reactions: CyberTech, Freki123, dinosaur07 and 2 others
J

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Unfortunately deceptive sites are popular to spread malware or also to get sensitive information from users. That's a serious issue. It is always good, as already mentioned, to download a software from the official homepage of the product or also from well known download sites.

Thanks for sharing this @silversurfer :)
 
  • Like
Reactions: CyberTech, scot and harlan4096
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
blackice said:
Also, even legitimate sites can be compromised. That’s why I wish more companies would publish checksums.
Click to expand...
I realy like checksums. You can take the devs checksum and load the program from another legit website . If they don't match better be careful.
 
  • Like
Reactions: blackice
You must log in or register to reply here.

Similar threads

I
    • Like
    • Wow
Google-hosted Malvertising; Clever punycode tricks experts to visit fake Keepass site
Replies
0
Views
946
News Archive
Ink
I
Gandalf_The_Grey
    • Like
Malware News Over 6,000 WordPress hacked to install plugins pushing infostealers
Replies
1
Views
1,159
Security News
Victor M
Victor M
Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Malware News Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
Replies
13
Views
2,909
Security News
Trident
Trident

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top