Better watch where those fingers fall on the keyboard next time you type out a URL. Security researchers have discovered a new trend they’re calling typosquatting, where users are attacked after they mis-type web addresses.
Security firm Endgame has discovered 300 popular .com domain names—for the likes of Netflix, Dell and Citibank—that have been registered instead in Oman, where the top level domain is .om. But they aren’t providing a genuine service to the Middle Eastern country. Instead they’ve been set up for nefarious ends, redirecting to pages that attempt to install OS X malware called Genieo.
The malware itself is pretty standard adware. Visitors to the .om versions of these sites are redirected several times before being confronted with an Adobe Flash update. If the user accepts, the software’s downloaded and installed, with unwanted adware extensions added to browsers like Firefox and Chrome. Obviously, it’s pretty easy to tell in these cases that Netflix.om isn’t a lot like Netflix.com—and certainly there’s scope for the individuals behind it to do a more convincing job.
It’s not the first time malware has been delivered in this way, of course—plenty of malware has been installed on computers via mis-typed URLs in the past. But Endgame claims that its team “weren’t aware of .om abuse.”