Clever malvertising attack uses Punycode to look like KeePass's official website

Threat actors are well-known for imitating well-known brands in order to deceive users. In a recent malvertising campaign, we discovered a deceptive Google ad for KeePass, the open-source password manager. We recently reported on how brand impersonations are becoming more widespread as a result of a feature known as tracking templates, but this attack added another degree of deceit.

To impersonate the genuine KeePass site, the malicious actors registered a duplicate internationalized domain name that employs Punycode, a particular character encoding. The visual difference between the two sites is so small that many users will undoubtedly be misled.x000D We have reported this event to Google, however consumers should be aware that the ad is still running.

Clever malvertising attack uses Punycode to look like KeePass's official website

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Clever malvertising attack uses Punycode to look like KeePass's official website

18-Oct-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address