Typosquat campaign mimics 27 brands to push Windows, Android malware

Gandalf_The_Grey

Thread author
A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware.

Typosquatting is an old method of tricking people into visiting a fake website by registering a domain name similar to that used by genuine brands.

The domains used in this campaign are very close to the authentic ones, featuring a single letter position swap or an additional "s," making them easy for people to miss.

In terms of appearance, in most cases seen by BleepingComputer, the malicious websites are clones of the originals or at least convincing enough, so there's not much to give away the fraud.

Victims typically end up on these sites by mistyping the website name they want to visit in the browser's URL bar, which is not uncommon when typing on mobile.

However, users could also be led to these sites via phishing emails or SMS, direct messages, malicious social media and forum posts, and other ways.

Some browsers like Google Chrome and Microsoft Edge include typosquatting protection. However, in our tests, the browsers did not block any of the domains we tested.

To protect yourself from typosquatting domains, the best method to find a legitimate site is to search for a particular brand in a search engine.

However, you should avoid clicking on ads shown in search results, as there have been many cases where malicious ads are created to impersonate a real site.
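
The two lookalike patterns described above (a letter position swap and an additional "s") can be checked for in DNS or proxy logs. The following is an added example, not part of the original post or the quoted article; the brand and observed domains are constructed, the function names are hypothetical, and the swap is assumed to be between two adjacent letters.

```python
from typing import Optional

def name_and_tld(domain: str) -> tuple[str, str]:
    """Return (second-level label, TLD). Assumes a single-label TLD (no public suffix list)."""
    labels = domain.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else "", labels[-1])

def classify(observed: str, brand: str) -> Optional[str]:
    """Name the pattern that turns `brand` into `observed`, or None if neither applies."""
    o_name, o_tld = name_and_tld(observed)
    b_name, b_tld = name_and_tld(brand)
    if o_tld != b_tld or o_name == b_name:
        return None  # different TLD, or the genuine domain itself
    # Pattern 1: exactly two adjacent letters transposed (assumed reading of "position swap").
    if len(o_name) == len(b_name):
        diff = [i for i in range(len(b_name)) if o_name[i] != b_name[i]]
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and o_name[diff[0]] == b_name[diff[1]]
                and o_name[diff[1]] == b_name[diff[0]]):
            return "adjacent-swap"
    # Pattern 2: exactly one extra "s" anywhere in the name.
    if len(o_name) == len(b_name) + 1:
        for i, ch in enumerate(o_name):
            if ch == "s" and o_name[:i] + o_name[i + 1:] == b_name:
                return "extra-s"
    return None

def scan(observed_domains, brands):
    """Return (observed, brand, pattern) for every observed domain that matches a brand."""
    hits = []
    for domain in observed_domains:
        for brand in brands:
            pattern = classify(domain, brand)
            if pattern:
                hits.append((domain, brand, pattern))
    return hits

# Constructed sample data: protected brands and domains seen in resolver logs.
BRANDS = ["examplebrand.com", "samplewallet.org"]
OBSERVED = [
    "examplebrand.com",       # genuine
    "www.exmaplebrand.com",   # "am" -> "ma"
    "examplebrands.com",      # trailing "s"
    "ssamplewallet.org",      # leading "s"
    "examplebrand.net",       # other TLD, out of scope for these two patterns
    "unrelated.com",
]

if __name__ == "__main__":
    for hit in scan(OBSERVED, BRANDS):
        print(hit)
```

Matches are leads for review or blocklisting rather than verdicts, since a legitimate domain can also differ from a brand by one swap or one "s".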
 
