Malware Pushed via promoting ads from fake sites

A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs.

Last year, fake sites created to promote popular software, but the distributed files are trying only to push adware bundles on unsuspecting visitors.

These sites are promoting software such as 7zip, Inkscape, Gparted, Paint.Net, Scribus, Audacity, Stellarium, Celestia, CloneZilla, KeePass, Notepad2, UNetBootIn, Gimp, HandBrak, and many more.

Adware distribution

While many consider adware bundles more of a nuisance than actual malware, this is not true. Many of the adware bundles we see today include offers that include password stealing trojans, miners, ransomware, and backdoors.

Adware is commonly spread through fake sites that pretend to distribute cracks, warez, and legitimate software, but when users download the programs they discover that the bundles are filled with “offers” that are installed as well.

For example, looks like a legitimate site that is promoting the KeePass password management software.

Acronis Cloud Backup 12.5

2X Faster | 15 Seconds RTO | 21 Platforms