Security News > 2023 > October > Google ads for KeePass, Notepad++ lead to malware
Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes.
Malware peddlers have a number of clever tricks up their sleeve to make the malicious ads and the sites they lead to look legitimate.
"The malicious advert shows up when you perform a Google search for 'keepass', the popular open-source password manager. The ad is extremely deceiving as it features the official Keepass logo, URL and is featured before the organic search result for the legitimate website," he explained.
Converting Punycode to ASCII. The malicious site looks very similar to the legitimate one and victims think they are downloading KeePass but are actually downloading a digitally signed malicious.
In another campaign, a variety of Google search ads for Notepad++ pushed via different ad accounts lead some users to a replica of the real Notepad++ website.
In the former group, each potential victim is assigned a unique ID that will allow them to download the malicious payload. "This is likely for tracking purposes but also to make each download unique and time sensitive," Segura explained.
News URL
https://www.helpnetsecurity.com/2023/10/19/download-keepass-notepad/
Related news
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Azure domains and Google abused to spread disinformation and malware (source)
- Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (source)
- New Voldemort malware abuses Google Sheets to store stolen data (source)
- Malware locks browser in kiosk mode to steal Google credentials (source)
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)