A massive malicious typosquatting campaign using more than 200 domains was identified last October.

Its aim ?

The hackers pretended to be famous brands (27 in total) in order to incite Internet users to download malicious software from fake sites or URLs.

Some of the phished versions of the sites were discovered by the cyber-espionage firm Cyble, which published a report on them. This report indicates that the truncated domains are imitations of popular download portals such as Google Play, APKCombo, APKPure, Snapchat, Tik Tok, etc.

As a reminder, typosquatting is a form of crime based on typos and spelling mistakes made by the Internet user when entering a web address in a browser.

In other words, the typosquatter buys domain names whose spelling or phonetics are close to those of a popular site or a well-known brand, so that the user who makes an unintentional spelling or typing error is directed to the site held by the pirate.

Typosquatters have the ability to imitate the appearance of the websites they have selected, their primary objective being to retrieve the personal information that the user has entered on one of these pages (credit card, bank details, address, etc.).

Furthermore, the sites to which visitors are directed may be pages containing advertisements or pornographic content that generate significant revenue for their owners.

According to Marijus Briedis, technical director and cybersecurity expert at NordVPN, "the scale of this malicious cyber campaign is worrying, and anyone using Windows or Android operating systems should be on their guard."

To be on guard against this domain name usurpation, it is recommended to :

•  Carefully check the spelling and grammar of words entered in the address bar ;
• Use threat protection software (antivirus) as they can detect fake sites before you open them ;
• Use a search engine to find a website rather than typing directly into the address bar.

Source : Globalsecurity

Vanessa Ntoh