
Look Out for New Malware, Not Just Ads, on Mis-Typed URLs


Next time you accidentally type “.om” instead of “.com” in your browser, beware of malware. A new scam targets URL typos and tries to install dangerous software on your computer.

Endgame discovered the malware after a user mistyped Netflix.com:

He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of “netflix.om” by a malicious actor, the domain resolved successfully. His browser was immediately redirected several times, and eventually landed on a “Flash Updater” page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups. Luckily, the Endgamer recognized danger and retreated swiftly, avoiding harm.

They identified the download as “Adware Genieo,” which poses as a standard Adobe Flash update, then installs itself as an extension to Chrome, Firefox, or Safari. Endgame calls it typosquatting, and it’s not limited to the Flash Updater page. Some pages will use surveys, advertisements, or scareware tactics to get you to download the malware.

They’ve included a full list of over 300 domains that appear suspect here. For more detail, head to the link below.
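One way a defender can spot this typo on their own network is to scan resolver logs for ".om" lookups whose name matches a ".com" site users normally visit. The sketch below is an added example, not code from Endgame or this article; the log format, the watchlist, and every sample line are constructed assumptions, and it goes slightly beyond the article by also catching a misplaced dot ("examplec.om").

```python
# Constructed sample resolver log lines: "<time> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2016-03-14T09:12:01Z 10.0.0.21 netflix.com. A
2016-03-14T09:12:07Z 10.0.0.21 Netflix.om. A
2016-03-14T09:13:40Z 10.0.0.35 www.example.om A
2016-03-14T09:14:02Z 10.0.0.35 examplec.om A
2016-03-14T09:15:11Z 10.0.0.48 unrelated-site.om A
2016-03-14T09:15:30Z 10.0.0.48 malformed-line
""".splitlines()

# Assumed watchlist of .com sites users are expected to visit.
WATCHLIST = {"netflix.com", "example.com"}


def intended_com(qname, watchlist):
    """Return the watchlisted .com that a .om query name was probably meant to be, else None."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "om":
        return None
    sld = labels[-2]                      # label directly left of ".om"
    candidates = [sld + ".com"]           # "c" dropped: netflix.om
    if sld.endswith("c") and len(sld) > 1:
        candidates.append(sld[:-1] + ".com")  # dot misplaced: netflixc.om
    for cand in candidates:
        if cand in watchlist:
            return cand
    return None


def flag_om_typos(lines, watchlist):
    """Return (client, queried name, intended .com) for each suspicious lookup."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:              # skip lines that do not match the assumed format
            continue
        _, client, qname, _ = fields
        target = intended_com(qname, watchlist)
        if target:
            hits.append((client, qname.lower().rstrip("."), target))
    return hits


if __name__ == "__main__":
    for client, qname, target in flag_om_typos(SAMPLE_LOG, WATCHLIST):
        print(f"{client} queried {qname} (likely meant {target})")
```

Legitimate ".om" sites that share no name with the watchlist are not flagged, so the output stays limited to lookups that look like a mistyped ".com".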

What does Oman, the House of Cards, and Typosquatting Have in Common? The .om Domain and the Dangers of Typosquatting | Endgame via Business Insider

Photo by Perspecsys Photos.