Beware of dangerous Google links. One symbol reveals the fake

Fake KeePass page on Google
10:03 AM EDT, October 20, 2023

Fake app links keep turning up in the Google search engine, and the Notepad++ example we described recently is not the only threat. At the same time, Google is showing fake ads related to KeePass software. This scam can be recognized by one character in the URL of the landing page.

Fake links at the top of the Google search list are nothing new, but the scams can take many forms. The easiest to recognize is the version in which a fake advertisement leads to a completely different site and nobody tries to hide it; this is the case with the manipulated search results related to the Notepad++ program. At the other end of the scale are advertisements prepared so carefully that, in practice, looking at them does not reveal that they are fake.

Between these two approaches, however, there is a third: fake links in Google that lead to a page with a barely noticeable change in the target address. An example is the case of tampered links to the KeePass app, as described by Malwarebytes. The fraudsters created a landing page whose address appears identical to that of the original page only at first glance. The key is the letter "k" with an accent, which, when converted to ASCII, turns out to completely change the target address of the page (from ķeepass[.]info to xn--eepass-vbb[.]info).

This is not a display error or "garbage on the screen," but a deliberate trick by fraudsters.
The effect is, of course, similar to other scenarios. The user lands on a rigged site that convincingly imitates the original and offers the software for download (in practice, an infected version). Installing a counterfeit KeePass on your computer can lead to various types of losses, from stolen login data to further attacks. As reported by Malwarebytes, the harmful software FakeBat is embedded inside the installer.
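
The address trick described above can be checked mechanically. The following Python sketch is an added example, not code from Malwarebytes or from this article: it converts a host name to the ASCII form that DNS actually resolves and flags names that differ from a trusted domain only by accents. The `TRUSTED` list and all function names are assumptions made for illustration.

```python
import unicodedata

# Assumption: the domains the user actually means to visit (not from the article).
TRUSTED = {"keepass.info", "notepad-plus-plus.org"}

def refang(host: str) -> str:
    """Undo the '[.]' defanging used when reporting malicious domains."""
    return host.replace("[.]", ".").strip().rstrip(".").lower()

def to_ascii(host: str) -> str:
    """Return the xn-- (Punycode) form that DNS resolves."""
    return host.encode("idna").decode("ascii")

def to_unicode(host: str) -> str:
    """Return the Unicode form that an ad or address bar may display."""
    return to_ascii(host).encode("ascii").decode("idna")

def skeleton(host: str) -> str:
    """Strip combining marks (accents, cedillas) after NFKD decomposition.
    Catches diacritic lookalikes only, not cross-script homoglyphs."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(host))
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(raw_host: str) -> dict:
    host = refang(raw_host)
    try:
        ascii_form, base = to_ascii(host), skeleton(host)
    except UnicodeError:
        return {"host": raw_host, "verdict": "invalid"}
    if ascii_form in TRUSTED:
        verdict = "trusted"
    elif base in TRUSTED:
        verdict = "lookalike"  # differs from a trusted name only by diacritics
    else:
        verdict = "unknown"
    return {"host": raw_host, "ascii": ascii_form,
            "skeleton": base, "verdict": verdict}

if __name__ == "__main__":
    # The two addresses quoted in the article, plus constructed controls.
    for sample in ("keepass[.]info", "ķeepass[.]info",
                   "xn--eepass-vbb[.]info", "example[.]com"):
        print(classify(sample))
```

Both spellings of the fake address resolve to the same `xn--` name and are reported as a lookalike of keepass.info, while the genuine domain is reported as trusted.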

We consistently urge caution and suggest using only trusted sites when downloading software. Fake advertisements will disappear from Google search results once any kind of unwanted-content blocker is in use, which in this case serves in its own way as software protecting against threats.

