27 brands from different sectors are being impersonated in a typosquatting campaign to trick unsuspecting users and install malware on their systems.
Typosquatting is as old as the internet. The technique involves a malicious actor creating a fake website with a domain name similar to that of a legitimate brand. The aim is to trick people into visiting the fake website and downloading malicious files onto their systems.
While the technique has been around for years, there has been a recent upsurge. Security firm Cyble recently uncovered 200 typosquatting websites impersonating 27 well-known brands to trick visitors into downloading malware.
Brands under threat
The brands being impersonated are in various sectors, from TikTok and Snapchat to Notepad++, Ethermine and Figma. According to Cyble’s extensive study, the fake websites resemble the originals closely enough not to arouse suspicion. The malicious actors have done a great job of replicating their legitimate counterparts.
The better the replication, the more dangerous the campaign. Victims end up on these sites by mistyping the URL. A typosquatting domain for Snapchat could be snapckat.com. The difference is so subtle that the user might not be aware that they made a mistake.
The main aim of the attackers is to push malware onto the victim’s system and retrieve sensitive data such as cryptocurrency recovery keys. The malware itself is dangerous and can render your system useless.
Threat actors have several hundred variations of the domain to cover any mistype that an unsuspecting user might make. While browsers such as Google Chrome feature typosquatting protection, it’s not effective enough to fully protect users. If you find yourself prone to typos and typosquatting, visiting a website through Google instead of typing a URL can reduce the risk.
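Defenders can catch the one-character mistypes described above by comparing hostnames seen in proxy or DNS logs against the domains they want to protect. The following Python is an added example, not code from Cyble or from this article; the protected-domain list, the function names and every sample hostname other than snapckat.com are assumptions constructed for illustration.

```python
# Added example: flag hostnames that are near-misses of protected brand domains.
# PROTECTED and the hostnames in the demo are constructed sample data.
PROTECTED = ["snapchat.com", "tiktok.com", "figma.com"]

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def check_domain(host, max_distance=1):
    """Return (brand_domain, reason) for a suspected lookalike, else None."""
    host = normalize(host)
    if host in PROTECTED or "." not in host:
        return None  # exact match is the real site; bare labels are skipped
    name, tld = host.rsplit(".", 1)
    for brand in PROTECTED:
        brand_name, brand_tld = brand.rsplit(".", 1)
        if name == brand_name:
            return brand, f"same name, different TLD (.{tld} vs .{brand_tld})"
        d = osa_distance(name, brand_name)
        if d <= max_distance:
            return brand, f"name differs by {d} edit(s)"
    return None

if __name__ == "__main__":
    for h in ["snapckat.com", "www.snapchat.com", "tikotk.com",
              "figma.example", "example.org"]:
        print(h, "->", check_domain(h))
```

Short brand names sit within one edit of many unrelated words, so hits are candidates for review, not verdicts.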