Fake site posing as KeePass Password Manager found distributing adware

  • The fake site is part of a large network of sites that are involved in the distribution of adware bundles as free programs.
  • The site, keepass[.]com, contains four download links, for Windows, Windows Portable, Mac and Linux.

A fake site that appears to promote the popular KeePass password management software has been found distributing adware to unsuspecting visitors. The fake site is part of a large network of sites that are involved in the distribution of adware bundles as free programs.

What’s the matter?

Berk Cem Göksel, an independent security researcher, has discovered that a site named keepass[.]com is posing as the official site for the KeePass password manager in order to distribute malware. The malware is delivered as .dmg and .exe files that are available on the site.

How does the fake site look?

According to BleepingComputer, keepass[.]com contains four KeePass download links, for Windows, Windows Portable, Mac and Linux.

While the first three links have similar URLs and download adware bundles, the fourth link, for Linux, takes visitors to the legitimate keepass[.]info site.

The three malicious links point to cdndownloadapr[.]com and serve adware bundles whose file names are dynamically generated based on the values in the URL.
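The link layout described above can be checked mechanically. The following is an added example, not code from the article or from BleepingComputer: it lists each download link on a page and marks whether its host is the official domain or a subdomain of it, using a match that a lookalike such as keepass[.]com does not pass. The sample page and its URL paths are constructed; only the host names come from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "keepass.info"  # legitimate site named in the article

# Constructed sample page: hosts are defanged as in the article, paths are made up.
SAMPLE_PAGE = """
<a href="https://cdndownloadapr[.]com/example/windows">Windows</a>
<a href="https://cdndownloadapr[.]com/example/portable">Windows Portable</a>
<a href="https://cdndownloadapr[.]com/example/mac">Mac</a>
<a href="https://keepass[.]info/download.html">Linux</a>
"""

class LinkCollector(HTMLParser):
    """Collects [href, link text] pairs for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._in_link = False

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append([href, ""])
            self._in_link = True

    def handle_data(self, data):
        if self._in_link:
            self.links[-1][1] += data.strip()

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False

def is_official(host):
    # Exact match or a true subdomain; a plain substring or suffix test
    # would also accept hosts like "notkeepass.info".
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def audit_links(page_html):
    """Returns (label, host, verdict) for each link on the page."""
    collector = LinkCollector()
    collector.feed(page_html)
    report = []
    for href, label in collector.links:
        # Refang before parsing: brackets in the host make urlsplit fail.
        host = urlsplit(href.replace("[.]", ".")).hostname
        verdict = "relative" if host is None else (
            "official" if is_official(host) else "off-site")
        report.append((label, host, verdict))
    return report
```
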

What do the adware bundles carry?

The distributed adware bundles are signed with a digital certificate in the name of a company called ‘In Profit Limited’. The certificates used for signing are changed quite often.

Once users click ‘Next’, they are presented with a series of offers that include search offers, extensions, anti-malware PUPs, and other unwanted malicious software.

The adware bundle is also capable of stealing a large amount of information from infected systems, including the hardware type, location and more.

How to stay safe?

It is always advisable to download and install software only from trusted and official sites. If you are prompted to install software other than the intended program, immediately shut down the program and do not let it continue.