Misleading pages promote authentic adware programs

A military security investigator accidentally discovered a group of sites that used the familiar typosquatting tactic to distribute software containing adware. The programs were authentic and functioned properly, but they contained malicious add-ons.

The first of these sites was discovered by Ivan Kwiatkowski. The malicious domain was keepass.fr, which seems to be a copy of keepass.info.

By downloading the KeePass executable file from keepass.fr, the user received a fully functional version of KeePass, but one that also installed the InstallCore adware.

This type of adware works as an add-on on top of an existing installation file and displays its options when you run Setup. The installer thus asks the user whether they are interested in installing third-party programs, such as AVG Antivirus, shown in the figure below. For each third-party installation that is made, the program creator (in this case keepass.fr) earns some money.

Some of the third-party programs proposed for installation are authentic and safe, such as AVG Antivirus. In other cases, however, adware, crypto miners, browser hijackers and more have been promoted.

But the fake keepass.fr site is not the only one of its kind. It's part of a large list of misleading domains, all registered with the same email. Other domains contained copies of programs such as 7zip, paint.net, inkscape, scribus, GParted, Audacity, Filezilla, Truecrypt, Blender, AdBlock.

Most domains were registered under the .fr or .es TLDs, and their content was mainly available in French and Spanish.

According to Ivan, all these sites seem to be hosted on the same server, which means they will be easy to remove.
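
The pattern described above (a project's name re-registered under a different TLD) can be checked against download traffic. The following is an added example, not part of the original article: it flags hosts whose name matches a known project but whose domain is not on an allowlist of official sites. The allowlist entries other than keepass.info, the log format and the `.example`/`.test` hosts are assumptions.

```python
from difflib import SequenceMatcher

# Project -> official download domains. keepass.info is the genuine site named
# in the article; 7-zip.org and getpaint.net are added here, not from the page.
OFFICIAL = {
    "keepass": {"keepass.info"},
    "7zip": {"7-zip.org"},
    "paintnet": {"getpaint.net"},
}

def normalize(label):
    """Lowercase and drop punctuation so 'paint-net' and 'paintnet' compare equal."""
    return "".join(c for c in label.lower() if c.isalnum())

def registrable(host):
    """Last two labels of the host. Assumption: plain second-level registrations
    (.fr, .es, .com); use a public-suffix list for co.uk-style suffixes."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host, threshold=0.85):
    """Return the project a host imitates, or None if official or unrelated."""
    domain = registrable(host)
    if any(domain in sites for sites in OFFICIAL.values()):
        return None  # genuine download site
    name = normalize(domain.split(".")[0])
    for project in OFFICIAL:
        # ratio 1.0 = same name on another TLD; >= threshold = near-typo
        if SequenceMatcher(None, name, project).ratio() >= threshold:
            return project
    return None

def flag_downloads(log_lines):
    """Return (host, project) for each log line that hits a lookalike domain."""
    hits = []
    for line in log_lines:
        host = line.split()[1]  # constructed format: "<client> <host> <path>"
        project = lookalike_of(host)
        if project:
            hits.append((host, project))
    return hits

# Constructed proxy log. keepass.fr is the domain discussed in the article;
# the .example/.test hosts are placeholders.
SAMPLE_LOG = [
    "10.0.0.5 keepass.info /download.html",
    "10.0.0.7 www.keepass.fr /setup.exe",
    "10.0.0.8 7zip.example /setup.exe",
    "10.0.0.9 paint-net.test /setup.exe",
    "10.0.0.9 intranet.example /index.html",
]
```

Calling `flag_downloads(SAMPLE_LOG)` returns the three lookalike hosts and leaves the official and unrelated ones alone.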

The list of malicious sites is as follows:


The author allows you to copy his / her text only if you cite the source (SecNews.gr) with a web address (live URL) of the article.