New Malware Attacks When You Type A URL Incorrectly

New Malware Attacks When You Type A URL Incorrectly

Better watch where those fingers fall on the keyboard next time you type out a URL. Security researchers have discovered a new trend they’re calling typosquatting, where users are attacked after they mis-type web addresses.

Security firm Endgame has discovered 300 popular .com domain names — for the likes of Netflix, Dell and Citibank — that have been registered instead in Oman, where the top level domain is .om. But they aren’t providing a genuine service to the Middle Eastern country. Instead they have been set up for nefarious ends, redirecting to pages that attempt to install OS X malware called Genieo.

The malware itself is pretty standard adware. Visitors to the .om versions of these sites are redirected several times before being confronted with an Adobe Flash update. If the user accepts, the software is downloaded and installed, with unwanted adware extensions added to browsers like Firefox and Chrome. Obviously, it’s pretty easy to tell in these cases that Netflix.om isn’t a lot like Netflix.com — and certainly there’s scope for the individuals behind it to do a more convincing job.

It’s not the first time malware has been delivered in this way, of course — plenty of malware has been installed on computers via mis-typed URLs in the past. But Endgame claims that its team “weren’t aware of .om abuse”.

[Endgame via Threatpost]

Image by seth schwiet via Unsplash


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.