A recent deceptive ad campaign exposed a malicious ad block for KeePass, a popular open-source password manager. The ads are so deceptive that even experienced users can fall for the scam.
The attackers registered a copy of the international domain name using Punycode, a special character encoding, to look like the real KeePass website.
The visual difference between the two sites is so subtle that many people will undoubtedly fall for it. Users who click on the ad will be directed through an obfuscation service designed to filter out sandboxes, bots, and those who are not considered real victims.
Once redirected to the fake KeePass website, users may download a malicious installer that is actually part of the FakeBat malware family.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
