[At-Large] Ars Technica : Google-hosted malvertising leads to fake Keepass site that looks genuine Google-verified advertiser + legit-looking URL + valid TLS cert = convincing lookalike

Dev Anand Teelucksingh devtee at gmail.com
Sun Oct 22 10:35:58 UTC 2023


I hope someone at the ICANN meeting can ask SSAC and the UASG as to what
steps are being (or could be) taken to minimize this happening.

Dev T

https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/


“Google has been caught hosting a malicious ad so convincing that there’s
a decent chance it has managed to trick some of the more security-savvy
users who encountered it. Looking at the ad, which masquerades as a pitch
for the open source password manager Keepass, there’s no way to know that
it’s fake. It’s on Google, after all, which claims to vet the ads it
carries. Making the ruse all the more convincing, clicking on it leads to
ķeepass[.]info, which, when viewed in an address bar, appears to be the
genuine Keepass site.

A closer look at the link, however, shows that the site is not the genuine
one. In fact, ķeepass[.]info—at least when it appears in the address bar—is
just an encoded way of denoting xn--eepass-vbb[.]info, which, it turns out,
is pushing a malware family tracked as FakeBat. Combining the ad on Google
with a website with an almost identical URL creates a near-perfect storm of
deception.”
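
Added example (not part of the original message or the quoted article): a minimal Python check that decodes a Punycode label such as the `xn--eepass-vbb[.]info` quoted above and flags it when its diacritic-folded form matches a protected name. The `PROTECTED` watch-list and all function names are assumptions made for this illustration.

```python
import unicodedata

# Assumption for this example: a watch-list of labels the defender protects.
PROTECTED = {"keepass"}

def to_unicode(label):
    """Decode one DNS label: Punycode A-label ("xn--...") -> Unicode U-label."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: leave the label as received
    return label

def to_ascii(label):
    """Encode one DNS label the way it travels in DNS and in TLS certificates."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def skeleton(label):
    """Fold diacritics: NFKD-decompose, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_domain(domain, protected=PROTECTED):
    """Return both forms of `domain` plus any protected labels it imitates."""
    # Accept defanged input ("[.]") as it appears in reports and mail.
    labels = [to_unicode(l) for l in domain.replace("[.]", ".").split(".")]
    hits = sorted({skeleton(l) for l in labels
                   if not l.isascii() and skeleton(l) in protected})
    return {
        "unicode": ".".join(labels),
        "ascii": ".".join(to_ascii(l) for l in labels),
        "lookalike_of": hits,
    }

if __name__ == "__main__":
    # The domain quoted in the article (defanged) and a plain ASCII name.
    for name in ("xn--eepass-vbb[.]info", "keepass.info"):
        print(check_domain(name))
```

This folding only catches diacritic-based lookalikes like the one in the article; cross-script homoglyphs (for example Cyrillic letters) need the Unicode UTS #39 confusables data instead.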