KeePass is having its users targeted by a new malvertising campaign leveraging Google Ads to promote a fraudulent site for the open-source password manager, according to SiliconAngle. After leveraging the Punycode character encoding system to register a fake domain that concealed an additional character in the keepass[.]info domain to closely resemble the legitimate site, threat actors were able to promote the fraudulent site on top of Google’s search results, a report from Malwarebytes Labs showed.

Source: SC Magazine