Is Your Software a Top Impersonation Target? | WhoisXML API


Copycatting the world’s most popular software applications is a commonly used technique to lure users into visiting seemingly legitimate yet often malicious pages.

Scouring the Domain Name System (DNS) for the digital footprint of seven of the world’s most-imitated software applications revealed that threat actors may indeed be training their sights on them. Our study found that:

  • More than 20,000 domains contain the names of the most-mimicked software today—7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp.
  • Close to 1,000 of the domains containing the names of the seven featured applications were dubbed “malicious” by various malware engines.
  • The 20,000+ domains containing the seven brand names resolved to more than 12,000 unique IP addresses.
  • From a sample of nearly 1,200 IP addresses, over 10% of the IP address resolutions of the cybersquatting domains were classified as malicious.
  • Nearly 30,000 subdomains contain the names of the most-imitated programs.
  • Close to 1,000 of the subdomains containing the software brands were tagged “malicious.”
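
The distinction the findings draw between brand names in registered domains and brand names in subdomains can be reproduced over your own DNS or proxy logs. The sketch below is an added example, not WhoisXML API's tooling or methodology; the spelling variants, the vendor allowlist, the two-label registered-domain shortcut and the sample hostnames are all assumptions made for illustration.

```python
from collections import Counter

# Brand names are the seven from the page; the spelling variants are assumptions.
BRANDS = {
    "7-Zip": ("7-zip", "7zip"),
    "TeamViewer": ("teamviewer",),
    "CCleaner": ("ccleaner",),
    "Microsoft Edge": ("microsoftedge", "microsoft-edge"),
    "Steam": ("steam",),
    "Zoom": ("zoom",),
    "WhatsApp": ("whatsapp",),
}
# Assumed allowlist of vendor-owned domains; confirm it before relying on it.
OFFICIAL = {"7-zip.org", "teamviewer.com", "ccleaner.com", "microsoft.com",
            "steampowered.com", "zoom.us", "whatsapp.com"}

def classify(host):
    """Return (brand, "domain" | "subdomain") for a brand-bearing host, else None."""
    host = host.strip().lower().rstrip(".")
    # Simplification: treat the last two labels as the registered domain.
    # Real pipelines should use the Public Suffix List (e.g. for co.uk).
    reg = ".".join(host.split(".")[-2:])
    if reg in OFFICIAL:
        return None
    reg_label = reg.split(".")[0]
    sub = host[: len(host) - len(reg)].rstrip(".")
    # Check the registered name first, then the subdomain labels.
    for where, text in (("domain", reg_label), ("subdomain", sub)):
        for brand, variants in BRANDS.items():
            # Plain substring match, so short names such as "steam" over-collect;
            # hits are candidates for reputation checks, not verdicts.
            if any(v in text for v in variants):
                return brand, where
    return None

def summarize(hosts):
    """Count brand-bearing hosts by where the brand string appears."""
    return Counter(hit[1] for hit in map(classify, hosts) if hit)

# Constructed sample hostnames (reserved .example TLD plus two vendor hosts).
SAMPLE = ["zoom-meeting-join.example", "teamviewer-download.example",
          "7zip-setup.example", "whatsapp.login.portal-site.example",
          "steam.community-trade.example", "www.zoom.us",
          "Update.CCleaner.com.", "docs.example"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h, classify(h))
    print(summarize(SAMPLE))
```

Hosts that match are only candidates: as in the study, a separate reputation or malware-engine check decides which of them are actually malicious.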

Download a sample of the threat research materials now or contact us to access the complete set of research materials.
