Type a URL Wrong, and You Might End up with Malware on Your Mac
Posted on March 16th, 2016 by Graham Cluley
You may never get to visit the Middle Eastern country of Oman, but all it takes is a slip of the fingers to find your browser is visiting a “.om” website rather than a “.com.”
Do keyboard fumbles like this matter? Well, yes they do if it results in you visiting a webpage that has been set up by typosquatting opportunists — particularly if their plan is to trick you into installing adware or malware onto your computer.
Security researchers at Endgame have uncovered 319 .om websites that appear to have been set up with the deliberate intention of displaying ads, promoting scams and spreading the Genieo family of malware.
Included in the long list of dodgy .om websites are the likes of netflix.om, reddit.om, nike.om, paypal.om, tumblr.om and youtube.om.
Through a series of redirects, users who visit one of these .om websites can find themselves ultimately taken to a fake Flash Updater webpage, that attempts to trick the unwary into downloading malicious code onto their computers.
Once in place, Genieo’s adware gets its teeth into your web browser, installing itself as an extension, meddling with your browser settings, changing your browser’s home page, and injecting unwanted advertising and online surveys, all in an attempt to generate revenue.
Intego VirusBarrier already protects users against the Genieo malware family under a number of variants (OSX/Genieo, OSX/Genieo.B, and so forth).
And, as Intego reported before, this is not the first time that Genieo has been distributed via fake Flash updates, or used a variety of tricks to lull users into installing it onto their Mac computers.
As always, keep your wits about you; always download software from legitimate sites, and ensure your Mac anti-virus is updated. Taking precautionary steps and adding extra layers of security goes a long way to protecting your Mac from being infected by nuisances like this.
Furthermore, if you run a website and are concerned that someone might grab your .om domain in order to take advantage of your brand and exploit your customers, you should consider snapping it up first as a preventative measure.