Accidentally Typing “.om” Instead of “.com” Puts Your Computer At Risk For Malware

We’ve all done it: typed too quickly and gone to Amazonco.m, Netfli.xcom, or countless other incorrect URLs. These goofs often lead to harmless dead ends, but cybersquatters are increasingly using these URLs to spread malware.

A new scam, targeting both PC and Mac users, aims to install malware when people mistakenly type “.om” instead of “.com” in popular URLs, Business Insider reports.

[NOTE: For the sake of your data, don’t get curious and start deliberately trying the messed-up URLs mentioned in this story just to see what happens.]

The attack, first discovered by Endgame last week and known as “typosquatting,” was set up by a group that purchased typo’d versions of the domains of popular websites, such as Netflix, Amazon, American Express, Auto Trader, Best Buy, Blogspot, and more.

Instead of the traditional “.com” URL, the malicious sites include typing mistakes like “.co” or full addresses with misplaced letters, such as “amazonc.om.”

Once users are directed to the fake sites, they will see a “Flash Updater” app. The aim of the scam is for visitors to assume they need the update, hit the “download” button and install malware on their device.

The issue was discovered when an Endgamer mistyped the domain as “www.netflix.co.”

Instead of getting a DNS error, which would have indicated the domain he typed didn’t exist, the site redirected several times, and eventually landed on a “Flash Updater.”

One of the sites “netflix.om” redirected to before landing on a Flash updater.

Endgame determined that the download was Adware Genieo, which typically infiltrates the user’s system by posing as an Adobe Flash update. Genieo then entrenches itself on the host by installing itself as an extension on various supported browsers.

So how was this malicious group able to purchase so many domains (see a full list here)? Endgame points out that most of the misspelled URLs use the “.om” domain, the country-code domain for Oman, where “the vast majority of brands” may be unregistered.

What does Oman, the House of Cards, and Typosquatting Have in Common? The .om Domain and the Dangers of Typosquatting [Endgame]
Look out for misspelled websites like ‘Netflix.om’ — they’re designed to trick you into downloading malware [Business Insider]