Beware - this fake KeePass download site is just spreading malware

News
By
published

It even has a Google Ads campaign that looks legitimate

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Hackers are getting creative with malicious Google Ads campaigns, with a new scam spotted by cybersecurity researchers Malwarebytes meaning even more eagle-eyed visitors could fall prey and end up accidentally installing malware.

Hackers were spotted distributing malware by impersonating the KeePass password manager, initially by creating a website that looks almost identical to the genuine KeePass offering, and offer a program for download that looks and feels like the genuine article. 

However, in this case, the program would also come with the PowerShell script associated with the FakeBat malware loader, essentially compromising the endpoint.

Punycode

But that’s just half the work. The other half means getting people to visit the site. To do that - the crooks create malicious Google Ads. Usually, they would compromise an active Google Ads account (or buy one on the black market) and use it to set up a new campaign. When setting up this campaign, they would use Punycode to hide the malicious website’s URL and make it look genuine.

Punycode is an encoding standard built for internationalized domain names. In other words, it allows people to show words in ASCII that cannot be written in ASCII, bringing in non-Latin scripts (Cyrillic, or Chinese) into the Domain Name System (DNS).

With Punycode, the website’s true URL - "xn—eepass-vbb.info" would be displayed as "ķeepass.info". You might have not spotted it, but there’s a little dot below the letter k. And that’s how the threat actors get people to visit a fake site, thinking it’s real.

Malwarebytes notified Google of the trick and the search engine giant removed the malicious campaign. However, there are other similar campaigns out there that are still active, and probably plenty more of which cybersecurity researchers aren’t aware. It’s very important for users to be very careful when accessing sites through the search engine and always double-check the address in the URL bar.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
A padlock resting on a keyboard.
Understanding and avoiding malvertizing attacks
Trojan
Hackers hide malware into website images to go unnoticed
Magnifying glass enlarging the word 'malware' in computer machine code
Fake CAPTCHA pages used to spread infostealer malware
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
iPad Air M3
Apple makes one hardware change to the iPad Air that might be the best indicator of its true lightweight tablet intentions
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Image showing Mo Salah of Liverpool

PSG vs Liverpool live stream: How to watch the Champions League game online
See more latest
Most Popular
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Copilot on a laptop
Microsoft quietly updates Copilot to cut down on unauthorized Windows activations
Shure MoveMic 88+ lifestyle image
Shure's tiny MoveMic 88+ gives creators a cheap and easy way to record crystal clear audio on a smartphone
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
Vado SL 2
Specialized says calling its new Vado SL 2 Alloy an e-bike is still an insult – here's why