An adware delivery ploy was uncovered recently that involved the distribution of adware programs via clone websites that use legitimate looking domains. The deceit came to light when a phony website keepass.fr was discovered that replicated the official site keepass.info. Keepass is an open source password manager tool that helps users to manage their passwords for Windows network logon, websites FTP password, email account, online passwords etc in a secure manner.
The clone of Keepass password manager app appears legitimate and is fully functional. However it is infected with the malicious InstallCore adware.
InstallCore is an adware program that bundles popular legitimate applications along with malicious third party applications. The user is lured to install the application that comes with a popular title without being aware of making the system susceptible to other adware infections. The offers shown in ads may be legitimate but they do not come alone. They are accompanied by other apps that may be malicious. For instance, crypto currency miners, browser hijackers, adware etc may be pushed along with the legitimate apps.
The motive behind this act is solely monetary. Each successful installation of additional adware programs earns a commission fee to the adware bundlers.
Keepass.fr is not the only cloned website. It is just a part of much collection of typo squatted domains.
For instance: If movies.com is a legitimate site, the typosquatter’s URL could be:
Typos made by users will land them on typosquatter’s website tricking them into thinking that they are on the real web page.
Other fake domains registered by this individual/group used famous sites such as:
TLDs mainly used for the registered fake website are .fr and .es. For example, audacity.fr, truecrypt.fr, blender3d.fr, filezilla.fr, thunderbird.es, audacity.es etc
Moreover, the content of these fake websites is either in French or Spanish depicting that the targeted audience of these cyber criminals is either French or Spanish. However, a small fraction of these websites contained content in English and utilized international TLDs.
The fact that all these malicious cloned sites are hosted on the same server has made the entire operation susceptible to an easy collapse.
Users are recommended to be cautious while downloading any software even from a legitimate site.
Moreover, scanning the software with an authenticated antivirus tool is a good practice. It spares users from additional headaches by detecting the threats.
Hits: 323
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.