Fake KeePass site uses Google Ads and Punycode to push malware

A Google Ads campaign was exposed promoting a fake KeePass download site that distributed malware under the appearance of the official KeePass password manager domain. The perpetrators used Punycode to make the deception difficult to detect. The abuse of Punycode and Google Ads suggests a dangerous new trend in cyberspace. It is unknown what the final malware payload was, but it was linked with infostealers such as Redline, Ursniff, and Rhadamathys.