Heads up: Google has been caught hosting an ad that’s not just fake — it’s convincingly fake. We’re talking about an ad masquerading as the open-source password manager KeePass. And the kicker? Even security buffs might be falling for it.
The devil’s in the details
The fraudulent Google ad leads you to what appears to be the genuine KeePass website, but it’s a trap. The folks at Malwarebytes found it’s actually a lookalike site pushing malware known as FakeBat.
According to Google’s Ad Transparency Center, the ads were paid for by a verified advertiser named Digital Eagle. Yep, you read that right: Google verified these guys. The tricky part? The fake site’s domain is an internationalized domain name, meaning one letter of “keepass” has been swapped for a lookalike character from a different alphabet. Behind the scenes, browsers and DNS handle such names in an ASCII encoding called Punycode (the form that starts with xn--), but in the address bar most browsers show the decoded version, which looks almost identical to the real thing.
This kind of trick, called a homograph attack, has been aiding and abetting scams for a while. The URL looks right, without the usual tipoffs such as a misspelling or an odd ending. Remember that fake brave.com site a couple of years ago? Yeah, Punycode was behind that, too.
How to spot the fakes
Listen, there’s no foolproof method to steer clear of malicious ads or Punycode URLs, but here are some pointers:
1. Maintain a healthy skepticism
If something seems too good to be true or slightly off, pause and think before clicking.
2. Manual URL entry
Type the URL yourself into a new browser tab, or use a bookmark you saved on an earlier visit you know was genuine. It’s a bit tedious, but it’s one of the most effective ways to dodge lookalike websites. At the very least, scroll down to the organic results past the ads.
3. Inspect the TLS certificate
This one helps, but only if you actually read the name on the certificate. A lookalike site can get a perfectly valid certificate for its lookalike domain, so the padlock by itself proves nothing. What you’re checking is that the name on the certificate is exactly the domain you meant to visit, not an xn-- version of it or a spelling that’s off by one character. Here’s how to get to it:
- In Chrome: Click on the padlock (or the site-information icon) next to the URL, choose Connection is secure, then Certificate is valid to view the details. Make sure the name matches the website you intended to visit.
- In Firefox: Click the padlock, then Connection secure, then More information. Under the Security tab, click View Certificate.
- In Safari: Click the padlock, then Show Certificate. Validate that the certificate belongs to the site you intended to visit.
- In Microsoft Edge: Click the padlock and then View certificate to check details.
4. Established sites aren’t always safe
Remember, even trusted platforms like Google can host bad ads — just like malicious apps make it into the official app stores all the time.
5. Look for small details
A tiny character can be the difference between a legitimate URL and a malicious one. Pay close attention! You might mistake k0mando[.]com for komando.com if you move too fast. With Punycode lookalikes the difference can be a single letter that’s drawn slightly differently from its neighbors, so also watch for a domain that starts with xn-- when you copy the address into a text editor. Chrome already shows the xn-- form when a domain mixes alphabets, and Firefox will always show it if you set network.IDN_show_punycode to true in about:config.
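To make the Punycode point and tip 5 concrete, here is a small checker, added for this page and not code from the article or from KeePass or Malwarebytes. Given a URL, it shows the hostname both as the browser displays it and as it is really sent to DNS (the xn-- form), flags non-ASCII letters and mixed alphabets, and measures how far the name is from a list of domains you meant to visit. The expected-domain list and the three sample URLs are constructed for the example; the Unicode sample swaps the Latin “a” in keepass for a Cyrillic “а” (U+0430), which is the kind of swap a homograph attack relies on.

```python
import unicodedata
from urllib.parse import urlsplit

# Domains the reader actually meant to visit. The two names come from the
# article; keeping them in a list like this is an assumption of this example.
EXPECTED_DOMAINS = ["keepass.info", "komando.com"]


def to_punycode(host: str) -> str:
    """ASCII form of a hostname: the 'xn--' labels that actually go to DNS."""
    # Python's built-in 'idna' codec encodes each dot-separated label.
    return host.encode("idna").decode("ascii")


def to_unicode(host: str) -> str:
    """Unicode form of an 'xn--' hostname: what the address bar may show."""
    return host.encode("ascii").decode("idna")


def scripts_in(host: str) -> set:
    """Alphabets used by the letters of a hostname, e.g. {'LATIN', 'CYRILLIC'}."""
    scripts = set()
    for ch in host:
        if ch.isalpha():
            # The Unicode character name starts with its script,
            # e.g. 'CYRILLIC SMALL LETTER A'.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches plain-ASCII near-misses such as k0mando vs komando."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_url(url: str, expected=EXPECTED_DOMAINS) -> dict:
    """Report how a URL's hostname relates to the domains we expected to reach."""
    host = urlsplit(url).hostname or ""
    reasons = []
    try:
        # Normalise to the displayed (Unicode) form whatever form we were given.
        shown = to_unicode(host) if "xn--" in host else host
        real = to_punycode(shown)
    except UnicodeError as exc:
        return {"host": host, "punycode": None, "suspicious": True,
                "reasons": [f"undecodable hostname: {exc}"],
                "closest": None, "distance": None}
    if real != shown:
        reasons.append(f"internationalized domain: shown as {shown!r}, sent to DNS as {real!r}")
    for ch in shown:
        if ord(ch) > 127:
            reasons.append(f"non-ASCII character {ch!r} ({unicodedata.name(ch, 'unnamed')})")
    if len(scripts_in(shown)) > 1:
        reasons.append("letters from more than one alphabet in a single hostname")
    closest = min(expected, key=lambda d: levenshtein(shown, d))
    distance = levenshtein(shown, closest)
    if 0 < distance <= 2:
        reasons.append(f"{shown!r} is only {distance} edit(s) away from {closest!r}")
    return {"host": shown, "punycode": real, "suspicious": bool(reasons),
            "reasons": reasons, "closest": closest, "distance": distance}


if __name__ == "__main__":
    # Constructed sample URLs for this example, not addresses from the article.
    # The third one replaces the Latin 'a' in keepass with Cyrillic 'а' (U+0430).
    for sample in ["https://keepass.info/download.html",
                   "https://k0mando.com/",
                   "https://keep\u0430ss.info/download.html"]:
        report = inspect_url(sample)
        print("SUSPICIOUS" if report["suspicious"] else "ok        ", sample)
        for reason in report["reasons"]:
            print("   -", reason)
```

The genuine address comes back clean, the k0mando sample is caught purely by edit distance, and the Cyrillic sample trips three checks at once: it needs an xn-- encoding, it contains a non-ASCII letter, and it mixes two alphabets. That last check is the same heuristic browsers use when deciding whether to display a domain in Unicode or fall back to the raw xn-- form.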
Stay alert, stay safe. There’s a new trick around every corner, but you’re arming yourself with knowledge. Share this with a loved one who you want to keep safe, too.