A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware.
Typosquatting is an old method of tricking people into visiting a fake website by registering a domain name similar to that used by genuine brands.
The domains used in this campaign are very close to the authentic ones, featuring a single letter position swap or an additional “s,” making them easy for people to miss.
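A defender-side check for the two patterns described above (one adjacent-letter swap, or one extra "s"), given here as an added example that is not part of the original article. The watchlist uses brands named in the article; the function names and every candidate domain are constructed for illustration, and the code assumes a simple name.tld shape rather than a public-suffix list.

```python
# Added example: flag the two typo patterns named above against a brand watchlist.
# Watchlist brands are named in the article; function names are illustrative.
BRANDS = ["paypal.com", "snapchat.com", "tiktok.com", "apkpure.com"]


def main_label(domain):
    """Label left of the TLD (assumes name.tld; no public-suffix handling)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_adjacent_swap(candidate, brand):
    """True if candidate is brand with exactly one adjacent pair of letters swapped."""
    if len(candidate) != len(brand) or candidate == brand:
        return False
    diff = [i for i, (a, b) in enumerate(zip(candidate, brand)) if a != b]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and candidate[diff[0]] == brand[diff[1]]
            and candidate[diff[1]] == brand[diff[0]])


def is_added_s(candidate, brand):
    """True if deleting a single 's' from candidate yields brand."""
    if len(candidate) != len(brand) + 1:
        return False
    return any(ch == "s" and candidate[:i] + candidate[i + 1:] == brand
               for i, ch in enumerate(candidate))


def classify(domain, brands=BRANDS):
    """Return (brand, pattern) if domain matches a typo pattern, else None."""
    label = main_label(domain)
    for brand in brands:
        target = main_label(brand)  # TLD is ignored: squats may use another one
        if is_adjacent_swap(label, target):
            return brand, "letter-swap"
        if is_added_s(label, target):
            return brand, "added-s"
    return None


def scan(domains, brands=BRANDS):
    """Map each suspicious domain to its (brand, pattern) finding."""
    findings = {}
    for domain in domains:
        hit = classify(domain, brands)
        if hit:
            findings[domain] = hit
    return findings
```

Run `scan()` over domains pulled from DNS or proxy logs; the genuine brand domain itself never matches, so it produces no finding.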
In terms of appearance, in most cases seen by BleepingComputer, the malicious websites are clones of the originals or at least convincing enough, so there’s not much to give away the fraud.
Victims typically end up on these sites by mistyping the website name they want to visit in the browser’s URL bar, which is not uncommon when typing on mobile.
However, users could also be led to these sites via phishing emails or SMS, direct messages, malicious social media and forum posts, and other means.
Some of the malicious sites were discovered by cyber-intelligence firm Cyble, which published a report this week focusing on domains mimicking popular Android app stores like Google Play, APKCombo, and APKPure, as well as download portals for PayPal, VidMate, Snapchat, and TikTok.