Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

New Malware Attacks When You Type a URL Wrong

Image by seth schwiet via Unsplash
Image by seth schwiet via Unsplash

Better watch where those fingers fall on the keyboard next time you type out a URL. Security researchers have discovered a new trend they’re calling typosquatting, where users are attacked after they mis-type web addresses.

Advertisement

Security firm Endgame has discovered 300 popular .com domain names—for the likes of Netflix, Dell and Citibank—that have been registered instead in Oman, where the top level domain is .om. But they aren’t providing a genuine service to the Middle Eastern country. Instead they’ve been set up for nefarious ends, redirecting to pages that attempt to install OS X malware called Genieo.

The malware itself is pretty standard adware. Visitors to the .om versions of these sites are redirected several times before being confronted with an Adobe Flash update. If the user accepts, the software’s downloaded and installed, with unwanted adware extensions added to browsers like Firefox and Chrome. Obviously, it’s pretty easy to tell in these cases that Netflix.om isn’t a lot like Netflix.com—and certainly there’s scope for the individuals behind it to do a more convincing job.

Advertisement

It’s not the first time malware has been delivered in this way, of course—plenty of malware has been installed on computers via mis-typed URLs in the past. But Endgame claims that its team “weren’t aware of .om abuse.”

[Endgame via Threatpost]

Share This Story

Get our newsletter

DISCUSSION

totallymeh
Indifferent Snowman.

I have a helpful tip to avoid this problem entirely! Type the website name ctrl+enter= adds .com and goes

shift+enter=adds .net and goes

ctrl+shift+enter= adds .org

It’s been a thing for ages in firefox and chrome for ages. If it’s not for Safari? Welp.

Unless I’m misunderstanding this, then welp, I’m dumb.