Imitating the world’s most popular software applications is a common technique for luring users to pages that look legitimate but are often malicious.
Scouring the Domain Name System (DNS) for the digital footprint of seven of the world’s most-imitated software[1] revealed that threat actors may indeed be training their sights on them. Our study found that:
- More than 20,000 domains contain the names of the most-mimicked software today—7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp.
- Close to 1,000 of the domains containing the seven featured applications were dubbed “malicious” by various malware engines.
- The 20,000+ domains containing the seven brands resolved to more than 12,000 unique IP addresses.
- From a sample of nearly 1,200 IP addresses, over 10% of the IP address resolutions of the cybersquatting domains were classified as malicious.
- Nearly 30,000 subdomains contain the names of the most-imitated programs.
- Close to 1,000 of the subdomains containing the software brands were tagged “malicious.”
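
As an added illustration (not code from the study), the sketch below shows one way a defender could flag hostnames that contain the seven brand names and separate matches in the domain from matches in a subdomain, as the findings above do. The keyword forms, the list of official domains, the two-label domain split, and the sample hostnames are assumptions made for this example.

```python
import re
from collections import Counter

# Brand names come from the study; keyword forms and official domains are assumed here.
BRANDS = {
    "7-Zip": ("7zip", {"7-zip.org"}),
    "TeamViewer": ("teamviewer", {"teamviewer.com"}),
    "CCleaner": ("ccleaner", {"ccleaner.com"}),
    "Microsoft Edge": ("microsoftedge", {"microsoft.com"}),
    "Steam": ("steam", {"steampowered.com", "steamcommunity.com"}),
    "Zoom": ("zoom", {"zoom.us", "zoom.com"}),
    "WhatsApp": ("whatsapp", {"whatsapp.com"}),
}
OFFICIAL = set().union(*(official for _, official in BRANDS.values()))

def split_host(host):
    """Return (subdomain labels, domain). Assumes a one-label public suffix;
    a production scan would use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])

def squash(label):
    """Drop hyphens and other separators so '7-zip' matches the keyword '7zip'."""
    return re.sub(r"[^a-z0-9]", "", label)

def classify(host):
    """Return [(brand, 'domain' | 'subdomain')] for a hostname, skipping official sites."""
    sub_labels, domain = split_host(host)
    if domain in OFFICIAL:
        return []
    name = squash(domain.rsplit(".", 1)[0])
    hits = []
    for brand, (keyword, _) in BRANDS.items():
        # Plain substring matching over-matches (e.g. 'steamboat'); hits need triage.
        if keyword in name:
            hits.append((brand, "domain"))
        elif any(keyword in squash(label) for label in sub_labels):
            hits.append((brand, "subdomain"))
    return hits

def tally(hosts):
    """Count hits by location, mirroring the domain vs. subdomain split above."""
    return Counter(where for h in hosts for _, where in classify(h))

# Constructed sample hostnames on reserved example names, not data from the study.
SAMPLE = ["teamviewer-download.example", "zoom.login.example.net",
          "www.7-zip.org", "get-7zip.example.org", "whatsapp.com"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h, classify(h))
    print(dict(tally(SAMPLE)))
```

A keyword hit only marks a hostname for review; the study's "malicious" labels came from separate malware-engine checks.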