• Home
  • About
  • Contact
  • Privacy
  • Terms
  • DCMA
  • Write For Us / Submit
Tech News, Magazine & Review WordPress Theme 2017
  • Tech
    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    120+ Best Creative Names for Team at Work

    120+ Best Creative Names for Team at Work

    Can You Repair Printed Circuit Board ?

    Mastering PCB Board Repair Comprehensive Guide

    Breaking Barriers Federal Inmate Texting Service

    Breaking Barriers Federal Inmate Texting Service

    transfer whatsapp from android to iphone

    How to Transfer WhatsApp from Android to iPhone!

    Understanding the Role of Humidity Chambers in Climate Testing

    Understanding the Role of Humidity Chambers in Climate Testing

    Everything You Get to Know About Movember Beard Memes

    Everything You Get to Know About Movember Beard Memes

    Best Book Recommendation Apps

    11 Best Book Recommendation Apps

    How to quickly divide or Split PDF files

    How to Quickly Divide or Split PDF Files

  • Gear
    • All
    • Camera
    • Laptop
    • Smartphone
    The New Galaxy Watch Ultra and Galaxy Ring Are Announced by Samsung

    The New Galaxy Watch Ultra and Galaxy Ring Are Announced by Samsung

    Exploring the Innovative Features of Pear Phones

    Exploring the Innovative Features of Pear Phones

    Latest Smart Home Gadgets for a Connected Life

    Latest Smart Home Gadgets for a Connected Life

    Eco-Friendly Products for Students

    Eco-Friendly Products for Students

    Essential Photography Equipment and Gadgets

    Mastering Your Shots: Essential Photography Equipment and Gadgets

    Level Up Your Game: Must-Have Gaming Gear!

    Level Up Your Game: Must-Have Gaming Gear!

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
  • Gaming
    Master the World of Online Gaming with the Best Gaming VPN

    Master the World of Online Gaming with 3 Best Gaming VPN

    7 Powerful Strategies to Overcome Video Game Addiction and Reclaim Your Life

    7 Powerful Strategies to Overcome Video Game Addiction and Reclaim Your Life

    Powerful Ways Xbox Cloud Gaming is Revolutionizing the Gaming World

    5 Powerful Ways Xbox Cloud Gaming is Revolutionizing the Gaming World

    9 Best Alternative Games Like Kahoot

    9 Best Alternative Games Like Kahoot

    The Top 8 Free Bubble Shooter Games for Endless Entertainment

    The Top 8 Free Bubble Shooter Games for Endless Entertainment

    Cloud Gaming Revolution: How Streaming is Changing the Future of Gaming

    Cloud Gaming Revolution: How Streaming is Changing the Future of Gaming

  • Crypto
    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    120+ Best Creative Names for Team at Work

    120+ Best Creative Names for Team at Work

    Can You Repair Printed Circuit Board ?

    Mastering PCB Board Repair Comprehensive Guide

    Breaking Barriers Federal Inmate Texting Service

    Breaking Barriers Federal Inmate Texting Service

    transfer whatsapp from android to iphone

    How to Transfer WhatsApp from Android to iPhone!

    Understanding the Role of Humidity Chambers in Climate Testing

    Understanding the Role of Humidity Chambers in Climate Testing

    Everything You Get to Know About Movember Beard Memes

    Everything You Get to Know About Movember Beard Memes

    Best Book Recommendation Apps

    11 Best Book Recommendation Apps

    How to quickly divide or Split PDF files

    How to Quickly Divide or Split PDF Files

  • Business
    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    120+ Best Creative Names for Team at Work

    120+ Best Creative Names for Team at Work

    Can You Repair Printed Circuit Board ?

    Mastering PCB Board Repair Comprehensive Guide

    Breaking Barriers Federal Inmate Texting Service

    Breaking Barriers Federal Inmate Texting Service

    transfer whatsapp from android to iphone

    How to Transfer WhatsApp from Android to iPhone!

    Understanding the Role of Humidity Chambers in Climate Testing

    Understanding the Role of Humidity Chambers in Climate Testing

    Everything You Get to Know About Movember Beard Memes

    Everything You Get to Know About Movember Beard Memes

    Best Book Recommendation Apps

    11 Best Book Recommendation Apps

    How to quickly divide or Split PDF files

    How to Quickly Divide or Split PDF Files

No Result
View All Result
Geeky Insider
  • Tech
    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    120+ Best Creative Names for Team at Work

    120+ Best Creative Names for Team at Work

    Can You Repair Printed Circuit Board ?

    Mastering PCB Board Repair Comprehensive Guide

    Breaking Barriers Federal Inmate Texting Service

    Breaking Barriers Federal Inmate Texting Service

    transfer whatsapp from android to iphone

    How to Transfer WhatsApp from Android to iPhone!

    Understanding the Role of Humidity Chambers in Climate Testing

    Understanding the Role of Humidity Chambers in Climate Testing

    Everything You Get to Know About Movember Beard Memes

    Everything You Get to Know About Movember Beard Memes

    Best Book Recommendation Apps

    11 Best Book Recommendation Apps

    How to quickly divide or Split PDF files

    How to Quickly Divide or Split PDF Files

  • Gear
    • All
    • Camera
    • Laptop
    • Smartphone
    The New Galaxy Watch Ultra and Galaxy Ring Are Announced by Samsung

    The New Galaxy Watch Ultra and Galaxy Ring Are Announced by Samsung

    Exploring the Innovative Features of Pear Phones

    Exploring the Innovative Features of Pear Phones

    Latest Smart Home Gadgets for a Connected Life

    Latest Smart Home Gadgets for a Connected Life

    Eco-Friendly Products for Students

    Eco-Friendly Products for Students

    Essential Photography Equipment and Gadgets

    Mastering Your Shots: Essential Photography Equipment and Gadgets

    Level Up Your Game: Must-Have Gaming Gear!

    Level Up Your Game: Must-Have Gaming Gear!

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
  • Gaming
    Master the World of Online Gaming with the Best Gaming VPN

    Master the World of Online Gaming with 3 Best Gaming VPN

    7 Powerful Strategies to Overcome Video Game Addiction and Reclaim Your Life

    7 Powerful Strategies to Overcome Video Game Addiction and Reclaim Your Life

    Powerful Ways Xbox Cloud Gaming is Revolutionizing the Gaming World

    5 Powerful Ways Xbox Cloud Gaming is Revolutionizing the Gaming World

    9 Best Alternative Games Like Kahoot

    9 Best Alternative Games Like Kahoot

    The Top 8 Free Bubble Shooter Games for Endless Entertainment

    The Top 8 Free Bubble Shooter Games for Endless Entertainment

    Cloud Gaming Revolution: How Streaming is Changing the Future of Gaming

    Cloud Gaming Revolution: How Streaming is Changing the Future of Gaming

  • Crypto
    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    120+ Best Creative Names for Team at Work

    120+ Best Creative Names for Team at Work

    Can You Repair Printed Circuit Board ?

    Mastering PCB Board Repair Comprehensive Guide

    Breaking Barriers Federal Inmate Texting Service

    Breaking Barriers Federal Inmate Texting Service

    transfer whatsapp from android to iphone

    How to Transfer WhatsApp from Android to iPhone!

    Understanding the Role of Humidity Chambers in Climate Testing

    Understanding the Role of Humidity Chambers in Climate Testing

    Everything You Get to Know About Movember Beard Memes

    Everything You Get to Know About Movember Beard Memes

    Best Book Recommendation Apps

    11 Best Book Recommendation Apps

    How to quickly divide or Split PDF files

    How to Quickly Divide or Split PDF Files

  • Business
    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    How Drones and 360-Degree Cameras Are Changing Bridal Photoshoots

    120+ Best Creative Names for Team at Work

    120+ Best Creative Names for Team at Work

    Can You Repair Printed Circuit Board ?

    Mastering PCB Board Repair Comprehensive Guide

    Breaking Barriers Federal Inmate Texting Service

    Breaking Barriers Federal Inmate Texting Service

    transfer whatsapp from android to iphone

    How to Transfer WhatsApp from Android to iPhone!

    Understanding the Role of Humidity Chambers in Climate Testing

    Understanding the Role of Humidity Chambers in Climate Testing

    Everything You Get to Know About Movember Beard Memes

    Everything You Get to Know About Movember Beard Memes

    Best Book Recommendation Apps

    11 Best Book Recommendation Apps

    How to quickly divide or Split PDF files

    How to Quickly Divide or Split PDF Files

Submit
Geeky Insider
No Result
View All Result

Typosquatting Racket Pushing Malware at Windows, Android Users

by Staff Writer
October 25, 2022
in Android
Reading Time: 5 mins read
Typosquatting Racket Pushing Malware at Windows, Android Users
Share on FacebookShare on Twitter

A large-scale phishing campaign built on typosquatting is targeting Windows and Android users with malware, according to a threat intelligence firm and cybersecurity website.

The campaign currently underway uses more than 200 typosquatting domains that impersonate 27 brands to hoodwink web surfers to download malicious software to their computers and phones, BleepingComputer reported Sunday.

Table of Contents

Toggle
  • READ ALSO
  • The Snapdragon 8 Gen 2 Will Power 2023’s Best Android Phones
  • The ultimate guide to Android contacts management
  • Unusual Scale
  • Why Typosquatting Works
  • Some Domain Registrars Blameworthy
  • Mobile Browsers More Susceptible
  • How To Protect Against Typosquatting

READ ALSO

The Backbone One paired with an Android phone.

Backbone Launches a Mobile Gamepad for Android Phones – Review Geek

November 16, 2022
Google to pay US$391 million for misleading Android users on location tracking

Google to pay US$391 million for misleading Android users on location tracking

November 16, 2022

Threat intelligence firm Cyble revealed the campaign last week in a blog. It reported that the phishing websites deceive visitors into downloading fake Android applications impersonating Google Wallet, PayPal, and Snapchat, which contain the ERMAC banking Trojan.

BleepingComputer explained that while Cyble focused on the campaign’s Android malware, a much larger operation aimed at Windows is being deployed by the same threat actors. That campaign has more than 90 websites crafted to push malware and steal cryptocurrency recovery keys.

Typosquatting is an old technique for redirecting cyberspace travelers to malicious websites. In this campaign, BleepingComputer explained, the domains used are very close to the originals, with a single letter swapped out of the domain or an “s” added to it.

The phishing sites look authentic, too, it added. They’re either clones of the real sites or enough of a knock-off to fool a casual visitor.

Typically, victims end up at the sites by making a typo in a URL entered on the address bar of a browser, it continued, but the URLs are also sometimes inserted in emails, SMS messages, and on social media.

“Typosquatting is not novel,” said Sherrod DeGrippo, vice president for threat research and detection at Proofpoint, an enterprise security company in Sunnyvale, Calif.

“Goggle.com was sending accidental visitors to a malicious site with drive-by malware downloads as early as 2006,” DeGrippo told TechNewsWorld.

Unusual Scale

Although the campaign uses tried-and-true phishing techniques, it has some distinguishing characteristics; security experts told TechNewsWorld.

“The size of this campaign is unusual, even if the technique is old-school,” observed Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, in Tel Aviv, Israel.

“This particular campaign appears to be much larger in scale than typical typosquatting attempts,” added Jerrod Piker, a competitive intelligence analyst with Deep Instinct, a deep learning cybersecurity company in New York City.

Focusing on mobile apps is another departure from the norm, noted Grayson Milbourne, security intelligence director at OpenText Security Solutions, a global threat detection and response company.

“The targeting of mobile apps and associated websites with the goal of distributing malicious Android apps is something that isn’t new but isn’t as common as typosquatting that targets Windows software websites,” he said.

What’s interesting about the campaign is its reliance on both typing mistakes made by users and the intentional delivery of malicious URLs to targets, observed Hank Schless, senior manager for security solutions at Lookout, a San Francisco-based provider of mobile phishing solutions.

“This appears to be a well-rounded campaign with [a] high chance of success if an individual or organization doesn’t have proper security in place,” he said.

Why Typosquatting Works

Phishing campaigns that exploit typosquatting don’t need to be innovative to succeed, maintained Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla.

“All typosquatting campaigns are fairly effective without needing advanced or new tricks,” he told TechNewsWorld. “And there are many advanced tricks, such as homoglyphic attacks, that add another layer that could fool even the experts.”

Homoglyphs are characters that resemble each other, such as the letter O and zero (0), or the uppercase I and the lowercase letter l (EL), which look identical in a sans serif font, like Calibri.

“But you don’t find a ton of these more advanced attacks out there because they don’t need them to be successful,” Grimes continued. “Why work hard when you can work easy?”

Typosquatting works because of trust, contended Abhay Bhargav, CEO of AppSecEngineer, a security training provider in Singapore.

“People are so used to seeing and reading well-known names that they think a site, app, or software package named nearly the same and with the same logo is the same as the original product,” Bhargav told TechNewsWorld.

“People don’t stop to think about the minor spelling discrepancies or the domain discrepancies that distinguish the original product from the fake,” he said.

Some Domain Registrars Blameworthy

Piker explained that it’s very easy to “fat finger” while typing a URL, so PayPal becomes PalPay.

“It would get loads of hits,” he said, “especially since typosquatting attacks generally present a web page that is essentially a clone of the original.”

“Attackers also snatch up several similar domains to ensure that many different typos will match,” he added.

The present domain registration systems don’t help matters either, Grimes asserted.

“The problem is made worse because some services let bad websites get TLS/HTTPS domain certificates, which many users believe means the website is safe and secure,” he explained. “Over 80% of malware websites have a digital certificate. It makes a mockery of the whole public key infrastructure system.”

“On top of that,” Grimes continued, “the internet domain naming system is broken, allowing obviously rogue internet domain registrars to get rich registering domains which are easy to see are going to be used in some sort of misdirection attack. The profit incentives, which reward registrars for looking the other way, are a big part of the problem.”

Mobile Browsers More Susceptible

Hardware form factors can also contribute to the problem.

“Typosquatting is far more effective on mobile devices because of how mobile operating systems are built to simplify user experience and minimize clutter on the smaller screen,” Schless explained.

“Mobile browsers and apps shorten URLs to improve their user experience, so the victim might not be able to see the full URL in the first place, much less spot a typo in it,” he continued. “People don’t usually preview a URL on mobile, which is something they might do on a computer by hovering over it.”

Typosquatting is definitely more effective for phishing on mobile phones because the URLs aren’t fully visible, agreed Szilveszter Szebeni, CISO and the co-founder of Tresorit, an email encryption-based security solutions company in Zurich.

“For running Trojans, not so much, because people usually use the app or play stores,” he told TechNewsWorld.

How To Protect Against Typosquatting

To protect themselves from becoming a victim of typosquatting phishing, Piker recommended users never follow links in SMS messages or emails from unknown senders.

He also advised taking care when typing URLs, especially on mobile devices.

DeGrippo added, “When in doubt, a user can Google the established domain name directly instead of clicking on a direct link.”

Meanwhile, Schless suggested that people be a little less trusting of their mobile devices.

“We know to install anti-malware and anti-phishing solutions on our computers, but have an inherent trust in mobile devices such that we think it’s not necessary to do the same on iOS and Android devices,” he said.

“This campaign is one of countless examples of how threat actors leverage that trust against us,” he noted, “which shows why it’s critical to have a security solution built specifically for mobile threats on your smartphone and tablet.”

Source by www.technewsworld.com

Related Posts

The Backbone mobile game controller is now available for Android devices
Android

The Backbone mobile game controller is now available for Android devices

November 17, 2022
New Android Auto Example 2022 2
Android

Android Auto beta program lets more people to sign up and try the redesign

November 16, 2022
The Backbone One paired with an Android phone.
Android

Backbone Launches a Mobile Gamepad for Android Phones – Review Geek

November 16, 2022
Google to pay US$391 million for misleading Android users on location tracking
Android

Google to pay US$391 million for misleading Android users on location tracking

November 16, 2022

Recommended.

Close-up of Apple's rumored pill-and-hole notch replacement for the iPhone 14 Pro.

iPhone 14 Pro models to feature faster RAM than standard models

July 27, 2022
Google to Let Some Customers Pay for Cloud Services With Cryptocurrency

Google to Let Some Customers Pay for Cloud Services With Cryptocurrency

October 13, 2022

Trending.

No Content Available
  • Home
  • About
  • Contact
  • Privacy
  • Terms
  • DCMA
  • Write For Us / Submit
Contact us for submission queries. editor[at]geekyinsider.com.
No Result
View All Result
  • Home
  • Review
  • Apple
  • Gaming
  • Gadget and Gear
    • Camera
    • Smartphone
  • Microsoft
  • Security