"Typosquat Campaign Targeting Android, Windows Users Now Counts 600+ Domains"

Security researchers at Cyble and Bleeping Computer recently discovered attacks targeting Windows and Android users that mimicked 27 brands across more than 200 typosquatting domains. Security researchers at DomainTools now say they have uncovered additional suspicious infrastructure. The researchers noted that by including DNS-based pivots that go beyond the host’s IP address, the list of suspicious domains grew to more than 600, with 9 of these created in the last week. Of the more than 600 domains, well over 400 are still active and not yet on common third-party threat intel feeds and blocking lists. The researchers stated that, given the connection to the ever-popular Vidar stealer and other malware, they can reasonably conclude that the ultimate goal is to steal credentials to app accounts, crypto wallets, etc., and perhaps to use infected hosts as proxies for further malicious activity. After reviewing the new domains, the researchers said they all appear to use similar web page designs as possible lures.

 

Infosecurity reports: "Typosquat Campaign Targeting Android, Windows Users Now Counts 600+ Domains"

Submitted by Anonymous on