According to a threat intelligence firm and website, a large-scalePhishing campaign built on typosquatting is targeting Windows and Android users.
The campaign currently underway uses more than 200 typosquatting domains that impersonate 27 brands to hoodwink web surfers to download malicious software to their computers and phones.
#The Cyble is strong.
The campaign was revealed in a Cyble post. The ERMAC banking Trojan was found in the fake applications that visitors were tricked into installing on their phones.
#The keys for the recovery of cryptocurrencies.
BleepingComputer explained that while Cyble focused on the campaign, a much larger operation is being deployed by the same threat actors. There are more than 90 websites that are part of the campaign.
Travelers are often directed to malicious websites by typosquatting. BleepingComputer explained that the domains used are very close to the originals, with a single letter swapped out of the domain or an "s" added to it.
The sites look authentic. They are either clones of the real sites or a knock-off.
Typically, victims end up at the sites by making a mistake in a URL entered on the address bar of a browser, but the URLs are also sometimes inserted in emails, SMS messages, and on social media.
#There is proofpoint.
According to the vice president for threat research and detection at Proofpoint, slothsquatting is not new.
The malicious site Goggle.com was sending visitors to was found in 2006 by TechNewsWorld.
Security experts told TechNewsWorld that the campaign has some distinguishing characteristics.
#The Vulcan Cyber.
Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of Software as a Service for enterprise cyber risk remediation in Tel Aviv, Israel, said that the size of the campaign is unusual.
Deep Instinct, a deep learning cybersecurity company in New York City, said that the campaign appears to be much larger than typical typosquatting attempts.
#OpenText security solutions.
The security intelligence director at OpenText Security Solutions said that focusing on mobile apps is a departure from the norm.
He said that the targeting of mobile apps and associated websites with the goal of distributing malicious Android apps is something that is new but not as common as typosquatting that targets Windows software websites.
#There is a lookout.
Hank Schless, senior manager for security solutions at Lookout, a San Francisco-based provider of mobile phish solutions, observed that the campaign relies on both typing mistakes by users and the intentional delivery of malicious URLs to targets.
He said that the campaign appears to be a well-rounded one with a high chance of success if an organization doesn't have proper security in place.
Roger Grimes, a security awareness training provider in Clearwater, Fla., said that Phishing campaigns don't need to be innovative to succeed.
He told TechNewsWorld that all typosquatting campaigns are effective. There are many advanced tricks that could fool even the experts.
The letters O and zero are similar in appearance to each other, as is the case with the letters I and l.
There aren't a lot of advanced attacks that need them to be successful. You can work easy when you work hard.
#AppSecEngineer is a person.
Abhay Bhargav, CEO of AppSecEngineer, a security training provider in Singapore, claimed that typosquatting works because of trust.
People are so used to seeing and reading well-known names that they think a site, app, or software package is the same as the original product.
He said that people don't stop to think about the minor spelling discrepancies or the domain discrepancies that distinguish the original product from the fake.
Some domain administrators are blamed.
It's very easy to "fat finger" while typing a URL, so PayPal becomes PalPay.
He said that it would get a lot of hits since it is a clone of the original.
He said attackers snatched up several similar domains to make sure that many different typos would match.
The current domain registration systems don't help matters either.
The problem is made worse because some services let bad websites get TLS/HTTPS domain certificates, which many users believe means the website is safe and secure. A majority of websites have a digital certificate. It makes a mockery of the whole system.
#Get rich with domains.
The internet domain naming system is broken, allowing obviously rogue internet domains to be registered, which are easy to see, in some sort of misdirection attack. The profit incentives are a big part of the problem.
Mobile browsers. More reasonable.
Hardware form factors can contribute to the problem.
According to Schless, texting is more effective on mobile devices because of how mobile operating systems are built to simplify user experience and minimize clutter on the smaller screen.
The victim might not be able to see the full URL in the first place because mobile browsers and apps shorten it to improve their user experience. People don't usually preview a URL on mobile, which is something they might do on a computer by hovering over it
#It's called Tresorit.
Szilveszter Szebeni and the co- founder of Tresorit, an email encryption-based security solutions company, agreed that typosquatting is more effective on mobile phones because the URLs aren't fully visible.
He told TechNewsWorld that people usually use the app or play stores.
Protect against typosquatting.
Users should never follow links in emails or text messages from unknown senders.
He said to take care when typing on mobile devices.
When in doubt, a user can go to the established domain name instead of clicking on a direct link.
Schless suggested that people be less trusting of their mobile devices.
He said that they have an inherent trust in mobile devices and don't think it's necessary to install anti-phishing solutions on them.
He noted that the campaign shows why it is critical to have a security solution built specifically for mobile threats on your phone and tablets.