Hackers are using this incredibly sneaky trick to hide malware

One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.

The issue affects popular password manager KeePass — or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.

Ordinarily, this might not be a problem. That’s because Google Ads show the target website’s address before you click the link, so you may recognize it as a fake. However, in this case, the KeePass impersonator uses a clever trick to mask its URL, making it look like the advert links through to the official KeePass website. That devious deception could fool even the most security-conscious web user.

The malware website uses Punycode, the encoding that lets website addresses contain special (non-ASCII) characters. In this case, it replaces the K in KeePass with a K that has an almost indistinguishable accent below it. At a quick glance, you might not even notice it. The result is that you won’t be visiting the true KeePass website.
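The check below is an added example, not code from the original article or from any vendor it mentions: it converts a hostname to the ASCII (xn--) form that is actually resolved and flags names that only match a trusted domain once accents are stripped. The allowlist entry and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Constructed allowlist: domains the user actually means to visit (assumption).
TRUSTED = {"keepass.info"}

def skeleton(host):
    """Strip accents so an accented letter collapses to its base letter.

    Only catches diacritic lookalikes (the trick described above); letters
    borrowed from other scripts, e.g. Cyrillic, need a confusables table.
    """
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def classify(host):
    """Return (verdict, ascii_form) for a hostname in Unicode or xn-- form."""
    host = host.strip().lower().rstrip(".")
    try:
        # ASCII form: what is really looked up in DNS.
        ascii_form = host.encode("idna").decode("ascii")
        # Unicode form: what the address bar or advert may display.
        unicode_form = ascii_form.encode("ascii").decode("idna")
    except UnicodeError:
        return ("invalid", host)
    if ascii_form in TRUSTED:
        return ("trusted", ascii_form)
    if skeleton(unicode_form) in TRUSTED:
        return ("lookalike", ascii_form)
    if any(label.startswith("xn--") for label in ascii_form.split(".")):
        return ("idn", ascii_form)
    return ("unknown", ascii_form)

if __name__ == "__main__":
    # Constructed samples: the second uses U+0137, a "k" with a mark below it.
    for sample in ["keepass.info", "\u0137eepass.info", "example.com"]:
        print(sample.encode("unicode_escape").decode(), classify(sample))
```

Viewing the xn-- form is the quickest manual check: a name that looks like a familiar brand but converts to an xn-- label is not the site it appears to be.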

How to stay safe

Once you click the malicious link, you are quickly redirected through a variety of URLs that are used to check visitors and filter them out. If the websites determine that you are a bot or running your web browser in a locked-down sandbox environment, you won’t make it to the final destination. If you are deemed to be a genuine user, you’ll end up on the malware website.

Once there, you’ll be prompted to download a virus that is disguised as the KeePass password manager. In an earlier analysis, security firm Sophos found that this virus is linked to a variety of malicious apps that steal your passwords, credit card data, and more.

How can you stay safe from this kind of malware? The first and most obvious answer is to use an ad blocker extension in your web browser. This will prevent these malicious websites from ever reaching you, no matter how sophisticated their deceitful tricks are.

Other than that, it’s important to install a strong antivirus app. If you don’t use an ad blocker, you should be extremely careful when clicking any advert that appears in search results. If you’re not, you could end up falling victim to malware without even realizing it.

Alex Blake