Security News > 2023 > October > Google ads for KeePass, Notepad++ lead to malware

Google ads for KeePass, Notepad++ lead to malware
2023-10-19 09:11

Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes.

Malware peddlers have a number of clever tricks up their sleeve to make the malicious ads and the sites they lead to look legitimate.

"The malicious advert shows up when you perform a Google search for 'keepass', the popular open-source password manager. The ad is extremely deceiving as it features the official Keepass logo, URL and is featured before the organic search result for the legitimate website," he explained.

Converting Punycode to ASCII. The malicious site looks very similar to the legitimate one and victims think they are downloading KeePass but are actually downloading a digitally signed malicious.

In another campaign, a variety of Google search ads for Notepad++ pushed via different ad accounts lead some users to a replica of the real Notepad++ website.

In the former group, each potential victim is assigned a unique ID that will allow them to download the malicious payload. "This is likely for tracking purposes but also to make each download unique and time sensitive," Segura explained.


News URL

https://www.helpnetsecurity.com/2023/10/19/download-keepass-notepad/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702