"Typosquat Campaign Mimics 27 Brands to Push Windows, Android Malware"

Over 200 typosquatting domains impersonating 27 brands are being used in a massive malicious campaign to trick visitors into downloading various Windows and Android malware. Typosquatting is a technique for tricking people into visiting a fake website by registering a domain name that looks similar to that of a legitimate brand. The domains used in this campaign are very similar to the originals, with a single letter position swap or an additional "s," making them easy to overlook. In regard to appearance, in most cases seen by Bleeping Computer, the malicious websites are clones of the originals or convincing enough to mask the fraud. Victims typically end up on these sites after mistyping the website name they want to visit in the URL bar of their browser, which is common when typing on a mobile device. Users may be led to these sites through phishing emails or SMS, direct messages, malicious social media and forum posts, and other means. Some of the malicious sites were discovered by Cyble, a cyber-intelligence firm that recently published a report focusing on domains impersonating popular Android app stores such as Google Play, APKCombo, and APKPure, as well as download portals for PayPal, VidMate, Snapchat, and TikTok. While Cyble's report focused on the campaign's Android malware, Bleeping Computer discovered a much larger typosquatting campaign distributing Windows malware from the same operators. This campaign consists of more than 90 websites impersonating over 27 popular brands in order to distribute Windows malware, steal cryptocurrency recovery keys, and push Android malware. This article continues to discuss findings regarding the malicious typosquatting campaign.

Bleeping Computer reports "Typosquat Campaign Mimics 27 Brands to Push Windows, Android Malware"