Hackers are using this incredibly sneaky trick to hide malwa…

One of the most important things you can do to protect your online security is to install one of the best password managers, but a recent cyberattack proves you still have to be careful when doing so. . Due to some hidden malware hidden in Google Ads, your PC may get viruses.

The issue affects the popular password manager KeePass – or rather, it attempts to impersonate KeePass by using deceptive Google ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll see it before legitimate websites appear below it.

A hacker is typing on an Apple MacBook laptop, showing code on his screen.
Sora Shimazaki/Pexels

Normally, this may not be a problem. This is because Google Ads shows the address of the target website before you click on the link, so you can identify it as fake. However, in this case, the KeePass impersonator uses a clever trick to disguise its URL, making it look like an advertising link to the official KeePass website. That devious deception can fool even the most security-conscious web user.

The malware website uses Punycode, which can insert special characters into website addresses. In this case, it replaces the K in KeePass with a K with an almost indistinguishable pronunciation below. At a cursory glance, you might not even notice it. Finally, this means that you will not visit the actual KeePass website.

how to stay safe

A search result showing a malicious Google ad for KeePass Password Manager, with the ad impersonating the official website.

Once you click on the malicious link, you are immediately redirected through a variety of URLs that are used to screen and filter visitors. If websites determine that you are a bot or running your web browser in a locked-down sandbox environment, you will not be able to make it to the final destination. If you are considered a genuine user, you will be redirected to the malware website.

Once there, you’ll be asked to download a virus that disguises itself as KeePass Password Manager. In an earlier analysis, security firm Sophos found that this virus is linked to a variety of malicious apps that steal your passwords, credit card data, and more.

How can you stay safe from this type of malware? The first and most obvious answer is to use an ad blocking extension in your web browser. This will prevent these malicious websites from reaching you, no matter how sophisticated their fraudulent tactics are.

Also, it is important to install a strong antivirus app. If you do not use an ad blocker, you should be extremely careful when clicking on any advertisements that appear in search results. If you are not, you may become a victim of malware without even thinking.

Leave a Comment