Cyble, a cybersecurity company, announced the uncovering of a large-scale fraudulent campaign. Its organizers have registered hundreds of domain names similar in spelling to the names of well-known brands. This very old technique is called typosquatting and remains very effective. Not too attentive users do not pay attention to 1-2 letters that the domain name differs from the domain of the official website of a particular brand – and as a result, they end up on malicious resources.
According to the Bleeping Computer, to date, Cyble specialists have identified more than 200 domain names that mimic the names of 27 popular brands. Among them, for example, payce-google.com (impersonates Google Wallet), snanpckat-apk.com (impersonates SnapChat), paltpal-apk.com (imitates PayPal), tlktok-apk.link (imitates TikTok), etc. .d. All these domains lead to websites from which the ERMAC malware is downloaded, a banking Trojan capable of stealing the credentials of online banking services and cryptocurrency wallets from 467 different applications.
In addition, typesquatting domains are used to infect Windows and Android user devices with the Vidar Stealer data-stealing malware and the Agent Tesla remote access Trojan. The researchers note that scammers use several varieties of each domain with different "typos". This allows them to quickly transfer their activities to another domain after the previous one is blocked.
