Is Your Software a Top Impersonation Target? | WhoisXML API

Threat reports

Read other reports

Is Your Software a Top Impersonation Target?

Download PDF

Copycatting the world’s most popular software applications is a commonly used technique to lure users into visiting seemingly legitimate yet often malicious pages.

Scouring the Domain Name System (DNS) for the digital footprint of seven of the world’s most-imitated software1 revealed that threat actors may indeed be trailing their sights on them. Our study found that:

  • More than 20,000 domains contain the names of the most-mimicked software today—7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp.
  • Close to 1,000 of the domains containing the seven featured applications were dubbed “malicious” by various malware engines.
  • The 20,000+ domains containing the seven brands resolved to more than 12,000 unique IP addresses.
  • From a sample of nearly 1,200 IP addresses, over 10% of the IP address resolutions of the cybersquatting domains were classified as malicious.
  • Nearly 30,000 subdomains contain the names of the most-imitated programs.
  • Close to 1,000 of the subdomains containing the software brands were tagged “malicious.”

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

Download PDF Read other reports
Try our WhoisXML API for free
Get started