Clever malvertising attack uses Punycode to look like KeePass’s official website
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager, that was extremely deceptive. We previously reported on how brand impersonations are a common occurrence these days due to a feature known as tracking templates, but this attack used an additional layer of deception.
The malicious actors registered a copycat internationalized domain name that uses Punycode, a special character encoding, to masquerade as the real KeePass site. The difference between the two sites is visually so subtle it will undoubtedly fool many people.
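As an added example (not part of the original article), here is a defender-side check that decodes Punycode labels and flags those whose Unicode form folds to a protected brand name. The sample domain is constructed under the reserved `.example` TLD, and the `PROTECTED` watchlist and all function names are assumptions.

```python
import unicodedata

# Assumption: the defender's own watchlist of brand labels to protect.
PROTECTED = {"keepass"}

def to_ace(unicode_label: str) -> str:
    """Encode a Unicode label to its ASCII 'xn--' form (used to build the sample)."""
    return "xn--" + unicode_label.encode("punycode").decode("ascii")

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label; leave undecodable labels as-is."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label[4:].lower().encode("ascii").decode("punycode")
    except UnicodeError:
        return label

def fold(label: str) -> str:
    """Strip combining marks after NFKD, so an accented letter folds to its base.
    This is diacritic folding only, not a full Unicode confusables (UTS #39) map,
    so cross-script homoglyphs are not caught here."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def check_domain(domain: str, protected=PROTECTED):
    """Return (unicode_domain, brand) when a non-ASCII label folds to a protected
    brand, else None."""
    labels = domain.rstrip(".").split(".")
    decoded = [decode_label(l) for l in labels]
    for uni in decoded:
        if not uni.isascii() and fold(uni) in protected:
            return ".".join(decoded), fold(uni)
    return None

if __name__ == "__main__":
    # Constructed sample: 'k' with a cedilla, under the reserved .example TLD.
    sample = to_ace("\u0137eepass") + ".example"
    for d in (sample, "keepass.example"):
        print(d, "->", check_domain(d))
```

The same check can be run over ad landing-page URLs or proxy logs, where a hit on an `xn--` label that folds to a watched brand is a strong signal for review.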
We have reported this incident to Google but would like to warn users that the ad is still currently running.
Ad blockers are security tools. This proves it once again.