- Here’s why you shouldn’t buy a Nintendo Switch until mid-August Monday 5:11 PM
- Man blasted for making his coworkers babysit his child Monday 5:07 PM
- Pete Buttigieg’s country radio interview was blocked from the air Monday 4:35 PM
- 15-year-old Smash Bros. prodigy caught using racist slur in private Discord server Monday 3:47 PM
- Instagram users who post pet pictures more likely to get hacked Monday 3:45 PM
- Post-Prime Day recap: Shipping delays, more sales, and a scam Monday 3:08 PM
- Jacob Wohl returns to Twitter … for now Monday 1:56 PM
- How to stream WWE Raw Reunion Monday 1:35 PM
- ‘I hope Trump deports you’: Woman goes on racist rant to Spanish speakers at a store Monday 1:24 PM
- Emoji Mashup Bot gives life to unidentifiable emotions Monday 1:15 PM
- Notorious grifter Anna Sorokin reportedly blocked from profiting off Netflix series Monday 12:45 PM
- Charlottesville attacker’s Twitter account included praise for Hitler Monday 12:10 PM
- ‘Short Treks’ trailer: Spock, Pike, and Number One return Monday 11:57 AM
- Everything we know about ‘Star Trek: Lower Decks,’ the new animated show Monday 11:55 AM
- Cole Carrigan says he left Team 10 after being called homophobic slur Monday 11:32 AM
OS X malware creators buy typo versions of popular websites to catch victims
This is pretty insidious.
A typo in a text message might lead to brief embarrassment, but when it comes to domain names, a typo has significantly larger ramifications: For Mac users, missing a single letter in a Web address could land you neck-deep in malware.
According to research from security firm Endgame, several groups are squatting on variants of popular websites, using the .om suffix—the top-level domain for the country Oman—to catch users who miss the “c” when typing in their destination.
The practice, called typosquatting, doesn’t just claim an address in the hope of making a quick buck off of the businesses who may want it—some of these sites are targeting Mac users with malicious software.
While Windows users who visit these sites are simply redirected to advertising network sites that blast them with unwanted ads, Mac users get a popup prompting them to install an Adobe Flash update. The prompt is fake, and clicking it installs adware called Genieo.
Genieo, a common OS X malware, digs into the computer by installing itself as an extension on a variety of supported browsers, including Chrome, Firefox, and Safari. The software can manipulate these browsers in a variety of ways.
Victims of Genieo may notice their homepage change. They may also notice that they start receiving targeted advertising that generates revenue for the developers of the adware.
In the course of its research, Endgame found 334 .om sites exploiting typos in popular Web addresses—319 of which were malicious. Popular sites like Netflix, Gmail, Amazon, Reddit, and GitHub have had their name used as part of the .om scam.
It’s not entirely clear how the people behind the typosquatting strategy have been able to snag many of these domains—Oman’s domain-registration process requires verification to claim a commercial domain.
Regardless of how they bypassed that system, their strategy seems to be working: Endgame reported that the sites are receiving enough traffic to cause concerns both for users who accidentally land there and for brands that are now associated with malware and annoying ads.
Macs have become more regular targets of these types of attacks as OS X grows more popular. Recently, the first strain of ransomware for Mac users was spotted in the wild.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.