“Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web,” Tom Spring reports for ThreatPost.
“According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns,” Spring reports. “Mac OS X users are being singled out in this typosquatting campaign with malware. According to Endgame, when a Mac user stumbles on one of the typosquatters’ webpages a fake Adobe Flash update pops up and attempts to trick users to install the advertising component called Genieo.”
“Genieo, according to Endgame, is a ‘common OS X malware / adware variant’ that ‘typically infiltrates the user’s system by posing as an Adobe Flash update,’” Spring reports. “Once on the targeted computer, Endgame said, Genieo drops an OS X DMG container. ‘Genieo then entrenches itself on the host by installing itself as an extension on various supported browsers (Chrome, Firefox, Safari),’ wrote Mark Dufresne, director of malware research and threat intelligence for security software company Endgame, in a company blogpost. Windows PC users who visit one of the typosquatter sites are redirected to an ad network where they are peppered with online ads.”
Read more in the full article here.
MacDailyNews Take: Let’s be careful (and precise) out there.
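A defender-side check for the .om-for-.com pattern reported above, as an added example that is not from the article, ThreatPost or Endgame: it scans resolver logs for lookups of `<brand>.om` where the brand is on a watchlist. The log format, client addresses, timestamps and function names are constructed for illustration; the watchlist holds the four brands the article names.

```python
import re

# Brands to watch: the four examples named in the article (all .com sites).
WATCHLIST = {"citibank", "dell", "macys", "gmail"}

# Constructed sample resolver log (hypothetical format, not any real product's).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z client=10.0.0.5 query=www.citibank.com. type=A
2024-01-01T10:00:07Z client=10.0.0.5 query=www.Citibank.om. type=A
2024-01-01T10:01:12Z client=10.0.0.9 query=gmail.om type=AAAA
2024-01-01T10:02:30Z client=10.0.0.7 query=portal.example.com.om. type=A
2024-01-01T10:03:44Z client=10.0.0.9 query=dell.om.example.net. type=A
2024-01-01T10:04:02Z client=10.0.0.3 query=macys.om. type=A
"""

QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def om_typosquat_brand(hostname, watchlist=WATCHLIST):
    """Return the watched brand if hostname is [sub.]<brand>.om, else None."""
    # DNS names are case-insensitive and may carry a trailing root dot.
    labels = hostname.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] != "om":
        return None  # not under the .om TLD (e.g. dell.om.example.net)
    # Only the label directly left of ".om" counts, so ordinary names under
    # com.om are not flagged.
    brand = labels[-2]
    return brand if brand in watchlist else None


def find_om_typosquats(log_text, watchlist=WATCHLIST):
    """Return (client, queried_name, likely_intended_domain) for each hit."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        client, name = m.groups()
        brand = om_typosquat_brand(name, watchlist)
        if brand:
            hits.append((client, name.rstrip(".").lower(), brand + ".com"))
    return hits


if __name__ == "__main__":
    for client, name, intended in find_om_typosquats(SAMPLE_LOG):
        print(f"{client} looked up {name} (likely meant {intended})")
```
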