Skip to main content

Hackers are using this incredibly sneaky trick to hide malware

One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.

The issue affects popular password manager KeePass — or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.

A hacker typing on an Apple MacBook laptop, which shows code on its screen.
Sora Shimazaki / Pexels

Ordinarily, this might not be a problem. That’s because Google Ads show the target website’s address before you click the link, so you may recognize it as a fake. However, in this case, the KeePass impersonator uses a clever trick to mask its URL, making it look like the advert links through to the official KeePass website. That devious deception could fool even the most security-conscious web user.

Recommended Videos

The malware website uses Punycode, which can insert special characters into website addresses. In this case, it replaces the K in KeePass with a K that has an almost indistinguishable accent below it. At a quick glance, you might not even notice it. In the end, it means you won’t be visiting the true KeePass website.

Please enable Javascript to view this content

How to stay safe

A search result showing a malicious Google Ad for the KeePass password manager, with the advert impersonating the official website.
Malwarebytes

Once you click the malicious link, you are quickly redirected through a variety of URLs that are used to check visitors and filter them out. If the websites determine that you are a bot or running your web browser in a locked-down sandbox environment, you won’t make it to the final destination. If you are deemed to be a genuine user, you’ll end up on the malware website.

Once there, you’ll be prompted to download a virus that is disguised as the KeePass password manager. In an earlier analysis, security firm Sophos found that this virus is linked to a variety of malicious apps that steal your passwords, credit card data, and more.

How can you stay safe from this kind of malware? The first and most obvious answer is to use an ad blocker extension in your web browser. This will prevent these malicious websites from ever reaching you, no matter how sophisticated their deceitful tricks are.

Other than that, it’s important to install a strong antivirus app. If you don’t use an ad blocker, you should be extremely careful when clicking any advert that appears in search results. If you’re not, you could end up falling victim to malware without even realizing it.

Alex Blake
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
Is ChatGPT creating a cybersecurity nightmare? We asked the experts
A person's hand holding a smartphone. The smartphone is showing the website for the ChatGPT generative AI.

ChatGPT feels pretty inescapable right now, with stories marveling at its abilities seemingly everywhere you look. We’ve seen how it can write music, render 3D animations, and compose music. If you can think of it, ChatGPT can probably take a shot at it.

And that’s exactly the problem. There's all manner of hand-wringing in the tech community right now, with commenters frequently worrying that AI is about to lead to a malware apocalypse with even the most green-fingered hackers conjuring up unstoppable trojans and ransomware.

Read more
Hackers may have stolen the master key to another password manager
Open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more