One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.
The issue affects popular password manager KeePass — or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.
Ordinarily, this might not be a problem. That’s because Google Ads show the target website’s address before you click the link, so you may recognize it as a fake. However, in this case, the KeePass impersonator uses a clever trick to mask its URL, making it look like the advert links through to the official KeePass website. That devious deception could fool even the most security-conscious web user.
The malware website uses Punycode, which can insert special characters into website addresses. In this case, it replaces the K in KeePass with a K that has an almost indistinguishable accent below it. At a quick glance, you might not even notice it. In the end, it means you won’t be visiting the true KeePass website.
How to stay safe
Once you click the malicious link, you are quickly redirected through a variety of URLs that are used to check visitors and filter them out. If the websites determine that you are a bot or running your web browser in a locked-down sandbox environment, you won’t make it to the final destination. If you are deemed to be a genuine user, you’ll end up on the malware website.
Once there, you’ll be prompted to download a virus that is disguised as the KeePass password manager. In an earlier analysis, security firm Sophos found that this virus is linked to a variety of malicious apps that steal your passwords, credit card data, and more.
How can you stay safe from this kind of malware? The first and most obvious answer is to use an ad blocker extension in your web browser. This will prevent these malicious websites from ever reaching you, no matter how sophisticated their deceitful tricks are.
Other than that, it’s important to install a strong antivirus app. If you don’t use an ad blocker, you should be extremely careful when clicking any advert that appears in search results. If you’re not, you could end up falling victim to malware without even realizing it.