Why malvertising is so dangerous
People searching Google for Keepass got a website which led them to a malware download, as Malwarebytes reported [1].
Can you see the difference between ḳeepass.info and keepass.info? It depends on the address field.
And I remember how apple.com was hijacked by a bad punycode domain [2].
Fortunately Vivaldi does not show the wrong k but the unencoded punycode, so the user could be warned.
Because Google and others spread/advertise malware sites they are paid for, users should never accept ads in their browsers.
Explanation: Malvertising = "Malware by Advertising" [3]
[1] https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
[2] https://arstechnica.com/information-technology/2017/04/chrome-firefox-and-opera-users-beware-this-isnt-the-apple-com-you-want/
[3] https://en.wikipedia.org/wiki/Malvertising
stardepp Translator
@DoctorG That's why I haven't used Google for some time.
That's why I haven't used Google search for almost 10 years.
I use uBlock Origin.
It helps protect me.
stardepp Translator
@DoctorG I also trust uBlock Origin very much.
@stardepp And I use Brain 1.0
Thought there was already an upgrade to Brain 2.0 about 7 years ago and to Brain 2.5 about 2 years ago?
I use the Vivaldi blocker, which works fine for me, apart from SiteBleacher, JShelter and the YouTube iFrame Adblocker script.
Shame that specific example targeted a password manager, since they are one of the best defenses against the phishing form of this sort of attack.
While a user might not notice a slightly odd character in a URL, a password manager isn't going to prompt to fill in details to the wrong URL.
@nomadic, I don't use a PM, only Vivaldi's own and Brain 2.0
This means it's high time for developers to get concerned and build adequate punycode protection, which should at least recognise punycode, highlight its characters in red, and immediately provide a decoding in the address bar.
This is especially important for Vivaldi on Android, where there is no inbuilt protection and no support for extensions.
And it's important to add an option in the settings that completely blocks punycode handling.
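The address-bar check described in the post above (recognise punycode labels, show the decoded form, highlight the odd characters), written out as an added Python example; it is not Vivaldi's code or anything from this thread. The brand allowlist, the diacritic-stripping "skeleton" comparison and the sample hosts (the ḳ with dot below from the first post, a constructed Cyrillic-a lookalike) are assumptions made for the demo.

```python
import unicodedata

# Constructed allowlist: the domains the user actually means to visit (assumption).
KNOWN_BRANDS = {"keepass.info", "apple.com"}


def to_unicode(host: str) -> str:
    """Decode xn-- (punycode) labels to Unicode; non-ASCII input is returned as-is."""
    return host.encode("ascii").decode("idna") if host.isascii() else host


def to_ascii(host: str) -> str:
    """Encode a host to the IDNA/punycode form that is actually sent to DNS and TLS."""
    return host.encode("idna").decode("ascii")


def skeleton(host: str) -> str:
    """Crude confusable skeleton: decompose, drop combining marks (the dot under
    the k), casefold. Assumption: diacritic stripping only; a real check would
    use the Unicode confusables table (UTS #39), which also covers Cyrillic a."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).casefold()


def check_host(host: str) -> dict:
    """What an address bar should surface: both forms, the punycode labels, the
    non-ASCII characters to highlight, and the brand the host imitates, if any."""
    uni = to_unicode(host)
    ascii_form = to_ascii(uni)
    skel = skeleton(uni)
    return {
        "unicode": uni,
        "ascii": ascii_form,
        "punycode_labels": [lbl for lbl in ascii_form.split(".") if lbl.startswith("xn--")],
        "highlight": [(ch, unicodedata.name(ch, "?")) for ch in uni if not ch.isascii()],
        "lookalike_of": skel if skel in KNOWN_BRANDS and skel != uni.casefold() else None,
    }


if __name__ == "__main__":
    # Constructed inputs: the lookalike from the first post, the genuine site,
    # and a Cyrillic-a imitation of apple.com (the skeleton misses it, the highlight does not).
    for h in ("\u1e33eepass.info", "keepass.info", "\u0430pple.com"):
        print(check_host(h))
```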
@far4, further aggravating on Android, which by default only has this placebo pseudo-AV Play Protect, which does not even find malware named virus.apk. It is essential to install a good AV, for example BitDefender, which is perhaps one of the best for Android. Although Vivaldi does not support mobile extensions, it does have reasonable protection against fraudulent websites thanks to its Adblocker.
looks like the usual M$+Gargle drama...
- from Google: not surprised, nothing but crap to expect from that company...
- .msi = MicroSoft Installer : the usual crap in the usual M$ malwaredfaileduniverse
- keepass software: available in GNU/Linux repos and not from "the internet"
DoctorG Ambassador
@npro Harsh words, but with a true core.
@npro I'm going to nitpick, Microsoft has a repo-based command line installer too -
winget, and repos are on the internet, they're just not on the web. MSI is just a package format, I don't think there's anything inherently wrong with it.
-
msi is a normal compressed file, like zip or rar, with the difference that Windows accepts it as an executable file, besides its content being verified by MS. It's the most secure format for installing apps in Windows.
-
In what world are we living, Microsoft copying UNIX/Linux's architecture, basically admitting the failure of its 40-year disastrous ecosystem.
I thought chocolatey was the trendy-hippy package manager?
-
No, but with winget you find all the 360xyz Chinese spyware crap software more easily.
-
@npro I don't think it's admitting failure. I think there are people at Microsoft who actually want to make the operating system better, so they make small solutions where they can. It's just that the management is so obsessed with ruining the operating system that often what little progress they do make is overrun.
-
winget has a user-maintained list of files in a repo, an msi file is "signed" with a developer's/company's signature, but trusting both? 60-70% trust, yes.