Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.
Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.
You're viewing a single thread.
The bot skips an important point. The site looks really close to the genuine site, only difference being "ķeepass dot info" and not "keepass". Definitely easy to miss.
I feel like browsers should flag urls with unicode in their domains as suspicious by default. Maybe they already do, not sure. It's honestly surprising to me in 2023 if they don't.
I wouldn't mind if FF popped up and said "hey, take another look at that URL" and very clearly drew attention to the weird k character. Of course it would have a "I'm absolutely sure this isn't a scam, I own this domain or know who owns it and you don't need to warn me about it in the future" button, but better safe than sorry.
I thought that they only show unicode chars if they are used in one of the installed languages of the browser and if not they show the punycode instead 🤔
Incredibly easy to miss, damn.