arstechnica,
@arstechnica@mastodon.social avatar

Google-hosted malvertising leads to fake Keepass site that looks genuine

Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.

https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

hopfgeist,
@hopfgeist@digitalcourage.social avatar

@arstechnica Speaking of google, today was the first time I got one of those deepfake Elon Musk-videos about something something cryptocurrency as an ad before a youtube video. And I could find no way to flag or report an ad. I've reported those abominations when they were normal videos, but as ads?

mah,
@mah@fosstodon.org avatar

@arstechnica this is the main reason we need package managers and maintainers, going to a website and clicking on an ad that looks like a download button or worse getting tricked by your crappy search engine into a malicious result is not viable for the average consumer.

https://scoop.sh
https://brew.sh
https://nixos.org

jwcph,
@jwcph@norrebro.space avatar

@arstechnica Well, if you use a service called "Keep Ass" you're really asking for trouble...

Daojoan,
@Daojoan@mastodon.social avatar

@arstechnica you also see a lot of this with crypto tools / apps. IE, folks will run ads for fake wallet sites that then drain users.

You can debate the worth of crypto till the cows come home.

But we can’t debate that ad platforms need to take their own duty of care seriously.

ilcomizietto,

@arstechnica With addon "IDN safe" the fake keepass site is blocked: https://addons.mozilla.org/it/firefox/addon/idn-safe/

shuvashish76,

Detailed report from #Malwarebytes LABS
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website

#privacy #security

hopfgeist,
@hopfgeist@digitalcourage.social avatar

@arstechnica One more reason to stop using google. As if we needed more. I try to educate my family to stop saying "you can google it." What's wrong with saying "search for it." ("startpage it" doesn't quite have the ring to it ...".)

billyjoebowers,
@billyjoebowers@mastodon.online avatar

@hopfgeist @arstechnica

I've never said "Google it" because that always seemed like a weird way to say "search", Like you're in a cult or something.

Virginicus,

@hopfgeist @arstechnica Duck it.

gqcwwjtg,

@arstechnica badvertising

ontoros,

@arstechnica I used to trust #google products. Now that they’ve changed their focus to profiting and peddling malware, I can’t leave its ecosystem fast enough. Sad.

jackyan,
@jackyan@mastodon.social avatar

@arstechnica Ten years ago, we were hacked. The hacker put in what appeared to be Google Adsense code, which Google itself then marked as malicious and put up big security warnings to anyone trying to access our site on Chrome (as well as people linking to us). Even back then I knew not to trust Google ads!

benjamincodes,

@arstechnica Do people still use keepass? I assumed keepassxc was the "new" version and that keepass was abandoned in favor of xc.

ampersine,
@ampersine@mastodon.online avatar

@arstechnica
Also Google: “gosh why are so many people using ad blockers”

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • DreamBathrooms
  • ngwrru68w68
  • tester
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • mdbf
  • tacticalgear
  • JUstTest
  • osvaldo12
  • normalnudes
  • cubers
  • cisconetworking
  • everett
  • GTA5RPClips
  • ethstaker
  • Leos
  • provamag3
  • anitta
  • modclub
  • megavids
  • lostlight
  • All magazines
    •