New Security Alert Issued Over Typosquatting Campaign That Impersonates Brands And Targets Users

A large malware campaign has recently come to light: its operators have taken over around 200 malicious domains while impersonating dozens of international brands.

The malware involved targets both Android and Windows, and more than 200 domains have been compromised to deliver it.

The finding comes from cybersecurity researchers at Cyble, who were the first to examine the campaign and found it distributing several types of malware to Android users.

The threat actors created the domains themselves, making them near-identical to the legitimate ones. They registered a large number of domains that closely resemble those of leading global brands, among them TikTok, PayPal and Snapchat.

Strikingly, many of these domains differ from the real one by a single character: one is missing, substituted or added, which is enough to make the name distinct from its legitimate counterpart.

This technique is known as typosquatting, and it shows up in all sorts of attacks, including on GitHub, where attackers create repositories whose names are nearly identical to well-known ones. The aim is to spread as much malware as widely as possible.
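The single-character lookalikes described above are easy to flag on the defensive side by comparing observed query names against a brand watch-list with edit distance. The following is an added example and not code from the article or from Cyble; the brand list and the DNS-style log lines are constructed, and the `registrable()` helper assumes simple two-label domains.

```python
# Added example (not from the article): flag query names that differ from a
# monitored brand domain by one character (insertion, deletion or substitution),
# the typosquatting pattern the report describes. All data here is constructed.
BRANDS = ["tiktok.com", "paypal.com", "snapchat.com"]  # constructed watch-list

# Constructed DNS-query-style log lines: "<timestamp> <client> <qname>".
SAMPLE_LOG = """\
2023-01-10T10:00:01Z 10.0.0.5 www.paypal.com
2023-01-10T10:00:02Z 10.0.0.7 paypa1.com
2023-01-10T10:00:03Z 10.0.0.9 tiktok.com
2023-01-10T10:00:04Z 10.0.0.5 snapchatt.com
2023-01-10T10:00:05Z 10.0.0.8 tikok.com
2023-01-10T10:00:06Z 10.0.0.3 example.org
"""

def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(qname: str) -> str:
    """Last two labels (www.paypal.com -> paypal.com); multi-part suffixes
    such as co.uk would need a public-suffix list, omitted here."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def lookalike_brand(domain: str, brands=BRANDS, max_distance: int = 1):
    """Return the brand this domain imitates, or None (exact matches are legitimate)."""
    d = registrable(domain)
    for brand in brands:
        if d != brand and levenshtein(d, brand) <= max_distance:
            return brand
    return None

def flag_log(log: str = SAMPLE_LOG):
    """Return (qname, imitated_brand) pairs for suspicious queries in the log."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) >= 3 and (brand := lookalike_brand(parts[2])):
            hits.append((parts[2], brand))
    return hits
```

Running `flag_log()` on the sample yields the three lookalikes (`paypa1.com`, `snapchatt.com`, `tikok.com`) while leaving the genuine `www.paypal.com` and `tiktok.com` queries alone; in practice the watch-list and log source would be your own.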

Bleeping Computer expanded on this research and identified further domains from the campaign that distribute malware to Windows users. Exactly how the domains are being promoted is not yet clear, but the report notes that victims may simply mistype a domain, or that the threat actors may be steering users there through phishing or other social engineering. SEO poisoning was also mentioned as a possibility.

The threat actors used the typosquatting campaign to push several kinds of malware. Some of it steals banking details, some harvests stored passwords and browsing history from various browsers, and some collects IP addresses and accesses cryptocurrency wallets.

The malware families involved include Agent Tesla and Vidar Stealer, and the researchers say the actors are adopting more modern techniques to maximise the damage they cause.

Security analysts believe the threat actors are experimenting with a range of approaches to see which ones work best against users. In a separate recent finding, a new website was discovered that steals seed phrases from Ethereum wallets.
