“Genieo” Malware Targeting Macs Via URL Typos
Yet another security loophole is plaguing users of Apple’s Mac OS X operating system: The “Genieo” typosquatting malware targets Apple computers by delivering the payload through common domain names for services such as Netflix. Genieo takes advantage of the insecure state of Adobe Flash and installs itself when users mistype a URL in their web browser.
With the advent of “.om” domains came also a major security risk: So-called “typosquatters” use mistyped domain names such as Netflix.om or Dell.om to redirect users to a landing page that is targeted at installing malware or adware onto the computers of unsuspecting users. Security researchers at Endgame noticed that roughly 300 highly prominent websites have been registered with the new ending and are correlated with malware attacks. The top-level-domain .om is actually meant to be used for businesses and private residents of Oman, a gulf state, tech blog Gizmodo reports.
Unwanted adware installed via flash exploit
Adobe explained that their Flash player is currently unsafe to use and will not be updated in a reasonable timespan to fix the glaring security issues. Your current best bet is to disable flash entirely in your browser of choice. When visiting one of the URLs with the exploit, users are prompted to install a flash update after several redirects. Endgame highlights this list of 15 domain names appearing as legitimate sites:
The full list can be found here.
As soon as the user downloads and installs the infected update, his or her browsers receive adware extensions that cause unwanted activity. In most cases, it is hard to distinguish between the original site and the adware-spreading copy. The phenomenon itself is hardly new, hackers have been using typos in URLs to their advantage for quite a while now. What is new is that the top-level-domain (TLD) .om is employed for misdirection. Registrations have gone up during February 2016 and are expected to rise even further during the coming months.