Last week, if you searched for the well-known open source image editing software GIMP on Google, it would display an advertisement calling itself GIMP.org, but clicking on the advertisement would lead to a phishing website disguised as GIMP instead of the real official website. GIMP is a malicious program. The attackers used the domain names gilimp.org and gimp.monster, which are significantly different from the real official website domain name GIMP.org. An investigation into the malicious program samples it hosted found it to be a malicious program called VIDAR that steals information, designed to steal passwords, cookies, historical and credit card data stored on browsers, as well as cryptocurrency wallets, Telegram login credentials, and more.
This article is reprinted from: https://www.solidot.org/story?sid=73245
This site is for inclusion only, and the copyright belongs to the original author.