Google-hosted malvertising leads to fake Keepass site that looks genuine

sylverstream@lemmy.nz to Technology@beehaw.org – 220 points –
Google-hosted malvertising leads to fake Keepass site that looks genuine
arstechnica.com
26

You are viewing a single comment

I feel like browsers should flag urls with unicode in their domains as suspicious by default. Maybe they already do, not sure. It's honestly surprising to me in 2023 if they don't.

I wouldn't mind if FF popped up and said "hey, take another look at that URL" and very clearly drew attention to the weird k character. Of course it would have a "I'm absolutely sure this isn't a scam, I own this domain or know who owns it and you don't need to warn me about it in the future" button, but better safe than sorry.

I thought that they only show unicode chars if they are used in one of the installed languages of the browser and if not they show the punycode instead 🤔

12 more...