Security researchers have found a new campaign targeting Android and Windows users. The campaign, originally discovered by Cyble and Bleeping Computer, may involve a much larger set of domains than first reported. It is classified as typosquatting and mimics 27 brands across over 600 typosquatting domains. DomainTools uncovered the additional suspicious infrastructure, stating that well over 400 of the domains are still active.
DomainTools also found that the sites include the popular Vidar stealer and other forms of malware. It is therefore likely that the campaign's ultimate goal is financial gain by stealing credentials to app accounts, crypto wallets, and other sensitive applications. Most of the domains were registered in the second half of 2022; however, DomainTools has identified domains dating back as early as the fall of 2021. The web pages are all designed to mimic legitimate brands.