Typo prone? You may want to clean up your act. In a malicious trend known as typosquatting, hackers are taking advantage of our fast fingers and careless errors, attempting to send malware onto Macs by way of mistyped URLs. According to the security company Endgame, look-alikes of a whopping 300 popular .com sites have been registered under .om, the top-level domain of Oman. But this is only a cover: the .om sites try to load OS X malware known as Genieo onto the Apple devices of unsuspecting users.
Endgame first came across typosquatting when an employee made a typo in “www.netflix.com,” instead typing, “netflix.om.” As Endgame notes, “He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of ‘netflix.om’ by a malicious actor, the domain resolved successfully.” Luckily, being an Endgamer, he was able to spot the malware, and “retreated swiftly, avoiding harm.”
Other less savvy users, however, may not have been as lucky. The malware Genieo, Endgame notes, is a rather “common OS X malware/adware variant” that “typically infiltrates the user’s system by posing as an Adobe Flash update.” If the user accepts the update, then Genieo “entrenches itself on the host by installing itself as an extension on various supported browsers (Chrome, Firefox, Safari).”
Typosquatting isn’t all that new — indeed, malware has previously been delivered by way of mistyped addresses. But Endgame does say that it hasn’t previously come across “.om abuse.” So how concerned should we be? The security firm suggests, “Our research also indicates that .om domains associated with the vast majority of major brands may be unregistered. It does not appear that are widely including the .om in their typosquatting mitigation strategies. We strongly recommend doing so.”
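One way to act on that recommendation, as an added example that is not from Endgame or the original article: list the .om counterparts of the .com domains you care about, and flag resolver log entries that query them. The watchlist, the three-field log format, the sample lines and the function names are all assumptions made for illustration.

```python
# Added example: spot ".om instead of .com" look-alikes in DNS query logs.
# Watchlist and log lines below are constructed sample data, not real telemetry.

WATCHED_COM = {"netflix.com", "yourbrand.com"}  # assumed brand watchlist

# Constructed resolver log: "<timestamp> <client-ip> <queried-name>"
SAMPLE_LOG = """\
2024-01-01T09:01:12Z 10.0.0.21 www.netflix.com.
2024-01-01T09:01:15Z 10.0.0.21 netflix.om.
2024-01-01T09:02:40Z 10.0.0.34 WWW.Netflix.OM
2024-01-01T09:03:02Z 10.0.0.40 news.localsite.om
2024-01-01T09:03:30Z malformed-line
"""


def om_variants(watched=WATCHED_COM):
    """The .om names to register defensively or monitor for each watched .com."""
    return sorted(d[: -len(".com")] + ".om" for d in watched if d.endswith(".com"))


def om_lookalike(qname, watched=WATCHED_COM):
    """Return the watched .com domain that qname imitates under .om, else None."""
    labels = qname.strip().rstrip(".").lower().split(".")  # normalise case, root dot
    if len(labels) < 2 or labels[-1] != "om":
        return None
    candidate = labels[-2] + ".com"  # netflix.om -> netflix.com
    return candidate if candidate in watched else None


def scan(log_text, watched=WATCHED_COM):
    """Return (timestamp, client, queried name, imitated domain) for each hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        ts, client, qname = parts
        target = om_lookalike(qname, watched)
        if target:
            hits.append((ts, client, qname.rstrip(".").lower(), target))
    return hits


if __name__ == "__main__":
    print("Monitor or register:", om_variants())
    for hit in scan(SAMPLE_LOG):
        print("Possible typosquat query:", hit)
```

Unrelated .om names such as the constructed `news.localsite.om` are not flagged, because only names whose second-level label matches a watched .com domain count as look-alikes.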
So be careful when you’re typing, friends. This is one type of “om” you want nothing to do with.