
Type a URL Wrong, and You Might End up with Malware on Your Mac


[Image: .OM URL Typosquatting Malware]

You may never get to visit the Middle Eastern country of Oman, but all it takes is a slip of the fingers to find your browser is visiting a “.om” website rather than a “.com.”

Do keyboard fumbles like this matter? Well, yes, they do if they result in you visiting a webpage that has been set up by typosquatting opportunists — particularly if their plan is to trick you into installing adware or malware onto your computer.

Security researchers at Endgame have uncovered 319 .om websites that appear to have been set up with the deliberate intention of displaying ads, promoting scams and spreading the Genieo family of malware.

[Image: Fake Flash Player Update]

Included in the long list of dodgy .om websites are the likes of netflix.om, reddit.om, nike.om, paypal.om, tumblr.om and youtube.om.

Through a series of redirects, users who visit one of these .om websites can find themselves ultimately taken to a fake Flash Updater webpage that attempts to trick the unwary into downloading malicious code onto their computers.

[Image: Fake Flash Player Instructions]

Once in place, Genieo’s adware gets its teeth into your web browser, installing itself as an extension, meddling with your browser settings, changing your browser’s home page, and injecting unwanted advertising and online surveys, all in an attempt to generate revenue.

Intego VirusBarrier already protects users against the Genieo malware family under a number of variants (OSX/Genieo, OSX/Genieo.B, and so forth).

And, as Intego reported before, this is not the first time that Genieo has been distributed via fake Flash updates, or used a variety of tricks to lull users into installing it onto their Mac computers.

As always, keep your wits about you; always download software from legitimate sites, and ensure your Mac anti-virus is updated. Taking precautionary steps and adding extra layers of security goes a long way to protecting your Mac from being infected by nuisances like this.

Furthermore, if you run a website and are concerned that someone might grab your .om domain in order to take advantage of your brand and exploit your customers, you should consider snapping it up first as a preventative measure.
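For site owners and network defenders, one way to spot .om look-alikes of known .com domains in DNS or proxy logs is sketched below. This is an added example, not code from Intego or Endgame; the watchlist (built from the names the article mentions), the list of Omani second-level labels and the sample hostnames are assumptions constructed for illustration.

```python
# Added example: flag hostnames where ".com" was mistyped as ".om".

# .com domains whose .om look-alikes we want to catch (assumed watchlist,
# derived from the .om names listed in the article).
BRAND_DOMAINS = {"netflix.com", "reddit.com", "nike.com", "paypal.com",
                 "tumblr.com", "youtube.com"}

# Second-level labels used for ordinary registrations under .om
# (assumed subset; consult the Public Suffix List for the full set).
OM_SECOND_LEVEL = {"co", "com", "edu", "gov", "med", "net", "org"}


def normalize(host):
    """Lower-case, drop surrounding whitespace, any :port and the root dot."""
    return host.strip().lower().split(":", 1)[0].rstrip(".")


def om_typo_of(host, brands=BRAND_DOMAINS):
    """Return the .com domain that `host` looks like a typo of, else None."""
    labels = normalize(host).split(".")
    if len(labels) < 2 or labels[-1] != "om":
        return None
    name = labels[-2]
    # example.co.om or netflix.com.om is a normal Omani-style name,
    # not a dropped "c", so it is not flagged here.
    if name in OM_SECOND_LEVEL:
        return None
    candidate = name + ".com"
    return candidate if candidate in brands else None


def scan(hostnames):
    """Map each flagged hostname (normalized) to the domain it imitates."""
    hits = {}
    for host in hostnames:
        brand = om_typo_of(host)
        if brand:
            hits[normalize(host)] = brand
    return hits


# Constructed sample of hostnames as they might appear in a DNS or proxy log.
SAMPLE = ["www.netflix.om", "PayPal.om.", "paypal.com",
          "example.co.om", "youtube.om:80", "mail.example.om"]

if __name__ == "__main__":
    for host, brand in scan(SAMPLE).items():
        print(f"{host} -> possible typo of {brand}")
```

A hit only means the hostname matches the typo pattern; whether the .om name is actually hostile still has to be checked.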

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.