Clever malvertising attack uses Punycode to look like KeePass's official website (www.malwarebytes.com)
from throws_lemy@lemmy.nz to cybersecurity@sh.itjust.works on 21 Oct 2023 00:49
https://lemmy.nz/post/2538741

#cybersecurity


NightOwl@lemmy.one on 21 Oct 2023 01:56

Great reason why ad blocking should not be disabled on the internet. If these companies keep trying to guilt people into disabling ad blocking, then they should also be held liable for advertising that harms users, whether it be malicious sites or harmful targeted advertising like gambling ads to addicts.

thantik@lemmy.world on 21 Oct 2023 01:57

Besides the lock icon, something akin to “Web of Trust” should really be implemented in a modern browser by default. We’ve proven time and time again 99% of people won’t change anything from the default and the only way to save these idiots from themselves is to literally just make it harder for them to use the computer.

I also see so many naive people suggest that I’m “leeching” by installing an adblocker, but I have to show them stories like this that clearly teach them that ad-blockers are security plugins more than anything.

isildun@sh.itjust.works on 21 Oct 2023 23:58

The FBI put out a PSA late last year that recommends using an ad-blocker for security purposes. It’s the third bullet-point under “Tips to Protect Yourself”: www.ic3.gov/Media/Y2022/PSA221221

ironeagl@sh.itjust.works on 21 Oct 2023 02:09

Google and other large advertiser networks should be liable for malicious ads that they serve.

generic@iusearchlinux.fyi on 21 Oct 2023 04:23

At the company I used to work for, I was the tech guy and my boss was not; he was a business guy (and a real estate appraiser).

I had to tell my boss never to click on “sponsored” Google results. I forget what piece of software he was searching for, but I didn’t want him downloading malware, because I’ve seen lots of fake results like this before.

This was just the most sophisticated one I’ve seen.

It isn’t just KeePass; search for basically any software (like Firefox or VLC) and you’re likely to see a “sponsored” result that’s a scam/malware.