Next time you accidentally type “.om” instead of “.com” in your browser, beware of malware. A new scam targets URL typos and tries to install dangerous software on your computer.
Endgame discovered the malware after a user mistyped Netflix.com:
He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of “netflix.om” by a malicious actor, the domain resolved successfully. His browser was immediately redirected several times, and eventually landed on a “Flash Updater” page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups. Luckily, the Endgamer recognised danger and retreated swiftly, avoiding harm.
They identified the download as “Adware Genieo”, which poses as a standard Adobe Flash update, then installs itself as an extension to Chrome, Firefox or Safari. Endgame calls it typosquatting, and it’s not limited to the Flash Updater page. Some pages will use surveys, advertisements or scareware tactics to get you to download the malware.
They have included a full list of over 300 domains that appear suspect.
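A defender can look for this typo in resolver logs. The sketch below is an added example, not code from Endgame or the original article: it flags lookups where a watched .com name was requested under a TLD that is "com" with one letter dropped, which generalizes the .om case above to .cm and .co as well. The watchlist, the three-field log format and the sample lines are assumptions constructed for illustration.

```python
"""Flag DNS lookups where a watched .com name was requested with a TLD that is
"com" minus one letter (.om, .cm, .co). All sample data below is constructed."""

# Assumption: the .com names your users actually visit (hypothetical watchlist).
WATCHED_COM = {"netflix.com", "example.com"}

def one_letter_dropped(tld="com"):
    """Every string made by deleting exactly one character from tld."""
    return {tld[:i] + tld[i + 1:] for i in range(len(tld))}

TYPO_TLDS = one_letter_dropped()  # {"om", "cm", "co"}

def typo_target(hostname):
    """Return the watched .com domain this hostname is a TLD typo of, else None."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] not in TYPO_TLDS:
        return None
    intended = labels[-2] + ".com"
    return intended if intended in WATCHED_COM else None

def scan(log_lines):
    """Parse 'timestamp client qname' lines; return (client, qname, intended) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        intended = typo_target(qname)
        if intended:
            hits.append((client, qname, intended))
    return hits

# Constructed resolver log lines (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T09:12:01Z 10.0.0.5 netflix.com",
    "2024-01-01T09:12:07Z 10.0.0.8 netflix.om",
    "2024-01-01T09:13:40Z 10.0.0.8 www.netflix.om.",
    "2024-01-01T09:15:22Z 10.0.0.9 times.om",
    "2024-01-01T09:16:02Z 10.0.0.7 EXAMPLE.CM",
    "garbage line",
]

if __name__ == "__main__":
    for client, qname, intended in scan(SAMPLE_LOG):
        print(f"{client} looked up {qname} (likely meant {intended})")
```

Because the typo domain resolves successfully, no NXDOMAIN is logged; matching on the query name itself is what surfaces the mistake.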