Google Ads for KeePass Malware

Share the joy

Google Hosting a Malicious Ad 

KeePass is one of the best password managers. It has the right technology to protect your online security. 

In a recent cyberattack, however, it has proven that no matter how secure a tool is, it still needs to be careful. 

Some malicious actors concealed malware codes in Google Ads. If you downloaded it, you could end up having viruses on your computer. 

But it was not the real KeePass. Rather, it was an impersonator. 

Malwarebytes spotted the shady link that showed up at the top of search results. It means that you will see it before the legitimate sites that appear beneath it. 

Typically, you can see the site’s address before clicking the link. In that way, you can easily recognize whether or not it is fake. 

Unfortunately, the KeePass impersonator utilizes a trick to hide its URL. As a result, the link looks like it comes from the official website of KeePass. Even if you are a security-conscious user, you could be deceived. 


The attackers utilized Punycode. It is a way to represent Unicode characters using only the basic ASCII character set. It is commonly used in internationalized domain names to encode domain names that contain non-ASCII characters, like accented letters or characters from scripts like Chinese, Arabic, or Cyrillic. 

Punycode was used in this scenario. It tricked users into visiting malicious sites. The malicious actors managed to register domain names that look like the legitimate website of KeePass but used Punycode to include characters that resemble ASCII characters closely. 

If the site recognizes that you are running a browser in a sandbox environment, you will not be redirected to the malware website. But if you are a genuine user, you will visit the malicious site. 

From there, you will be tempted to download a virus disguised as the password manager Keepass. 

Security firm Sophos discovered that the virus is linked to malicious apps that can steal your passwords, financial details, etc. 

To avoid this kind of trap, you may want to consider using ad blocker extensions that can protect you against certain types of web-based threats. Ad blockers are designed to prevent the display of ads on web pages. This can help to reduce the likelihood of encountering malicious ads, including those that might lead to malware infections or phishing attacks. The ad blockers typically identify and block known malicious ad networks and domains. 

Click fraud is a technique where malicious actors repeatedly click on ads to generate fraudulent revenue or deplete an advertiser’s budget. Ad blockers can prevent these fake clicks, saving advertisers money and potentially improving the user experience. 

By blocking ads, this extension can reduce the potential attack surface. It makes it more difficult for malware to be delivered through advertising. 

Some ad blockers can also include privacy features that prevent advertisers from tracking your online behavior and collecting personal data. This can protect your privacy and reduce the risk of encountering targeted phishing attempts. 

You should also install a robust antivirus app. 

Share the joy

Author: Jane Danes

Jane has a lifelong passion for writing. As a blogger, she loves writing breaking technology news and top headlines about gadgets, content marketing and online entrepreneurship and all things about social media. She also has a slight addiction to pizza and coffee.

Share This Post On