The "official" KeePass website shown first by Google is a fake that leads to malware

Technology news site Ars Technica reported that a Google search for "keepass" returned, ahead of the genuine result, a website pretending to be the official site of the open source password manager KeePass.

▲ The real KeePass official website is located below the fake one

According to the report, the address of the fake KeePass website is "k eepass.info", while the real official KeePass website is "k eepass.info".

At first glance, the two URLs look exactly the same. The only difference is a very inconspicuous mark on the 'k': the fake one has an extra dot below the letter k.
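A check for this kind of lookalike address can be automated. The following Python sketch is an added example, not code from the report: it decodes punycode labels, strips combining marks, and flags hostnames that collapse to a trusted name. The exact character used by the fake site is not given here, so the sample uses U+1E33 (k with dot below) as a constructed stand-in; the allowlist and function names are hypothetical.

```python
import unicodedata

# Assumption: allowlist of domains the organisation actually trusts.
TRUSTED = {"keepass.info"}
# Constructed sample: 'k' with a dot below (U+1E33), matching the description above.
SAMPLE = "\u1e33eepass.info"

def to_unicode(host):
    """Lower-case a hostname and decode any xn-- (punycode) labels."""
    labels = []
    for label in host.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as written
        labels.append(label)
    return ".".join(labels)

def to_ascii(host):
    """Return the wire form (what DNS and certificates see) of a hostname."""
    labels = []
    for label in to_unicode(host).split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Decompose accented letters and drop the combining marks.
    Covers marked Latin letters only, not cross-script homoglyphs."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(host))
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(host):
    uni = to_unicode(host)
    if uni in TRUSTED:
        return "trusted"
    if skeleton(uni) in TRUSTED:
        return "lookalike"      # differs from a trusted name only by marks
    if not uni.isascii():
        return "non-ascii"      # worth a manual look
    return "unknown"

if __name__ == "__main__":
    for h in ("keepass.info", SAMPLE, to_ascii(SAMPLE), "example.org"):
        print(f"{to_ascii(h):28} {classify(h)}")
```

Showing the `xn--` form instead of the rendered Unicode form is what makes the difference visible in a proxy log or an address bar.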

If users do not look carefully, the "password manager" they download from the fake KeePass website is actually malware. It contains the FakeBat Trojan, which can connect to a server set up by the hacker to obtain password information.

Information from Google's Ads Transparency Center shows the ads have been running since Saturday and were last recorded on Wednesday. The advertiser is a company called Digital Eagle. The transparency page states that the company is an advertiser whose identity has been verified by Google.

Someone on Hacker News said it is time to get rid of Google.

Further reading: Open source graphics editor GIMP was “hijacked” by malware in search engine results


Origin www.oschina.net/news/262654/malicious-keepass-ad-google