Security News > 2023 > October > Fake KeePass site uses Google Ads and Punycode to push malware
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.
Even worse, Google Ads can be abused to show the legitimate domain for Keepass in the advertisements, making the threat hard to spot even for more diligent and security-conscious users.
While Google has removed the original Punycode advertisement seen by Malwarebytes, BleepingComputer found additional ongoing KeePass ads in the same malware campaign.
Like the Punycode domain, this site pushes the same MSIX file that includes the same FakeBat PowerShell script to download and install malware on the Windows device.
Fake Cisco Webex Google Ads abuse tracking templates to push malware.
Bing Chat responses infiltrated by ads pushing malware.