Compromised sites send users to obvious Softpedia clones

Sep 25, 2014 13:05 GMT

Attention all Softpedians: a crook (for lack of a better term) is currently setting up impersonation copies of reputable download websites, including Softpedia, to deliver potentially malicious content to unsuspecting users.

Softpedia has built a reputation for offering software that has been verified in our labs, so that users do not run any risk upon installing it. Additionally, we only provide original installation files as published by the software developers, instead of using adware-packed online-based installers like most download sites do nowadays.

Nevertheless, people who are on the lookout for new opportunities to make money by taking advantage of this hard work have recently registered a domain with a name that's clearly intended to trick users into believing that they are accessing content verified by Softpedia.

We have found a page hosted at “s0ftpedia[.]pw” that claims to deliver legitimate software, but offers potentially malicious applications instead. Moreover, it impersonates our old page design, which could make the whole deal more believable.

Pay attention to the domain name

The no-gooders rely on typosquatting to deceive the user, as the letter “o” in the domain name is actually the number zero. Also, notice that the top-level domain (TLD) is not “.com” but “.pw,” a very rarely used TLD that has been assigned to the Republic of Palau.
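The check a filter or proxy rule could apply to the trick described above, as an added example (not Softpedia's code): fold look-alike digits back to letters, then compare the name against an allow-list regardless of TLD. The allow-list contents, the confusables table and all function names are assumptions made for illustration.

```python
from typing import Optional

# Assumed allow-list of genuine registrable domains (illustrative).
OFFICIAL = {"softpedia.com"}

# Digits commonly swapped for letters in lookalike names (assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host: str) -> str:
    """Return the last two labels of a hostname, lowercased and re-fanged.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    host = host.lower().replace("[.]", ".").strip(".")
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, iterative two-row form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str, max_dist: int = 1) -> Optional[str]:
    """Return the official domain that `host` imitates, or None.
    A host counts as an imitation when it is not on the allow-list but
    its name label, after confusable folding, is within max_dist edits
    of an official name label, whatever the TLD."""
    domain = registrable(host)
    if domain in OFFICIAL:
        return None
    label = domain.split(".")[0].translate(CONFUSABLES)
    for official in sorted(OFFICIAL):
        if edit_distance(label, official.split(".")[0]) <= max_dist:
            return official
    return None


if __name__ == "__main__":
    # Sample hosts: the first is the domain named in the article,
    # the rest are constructed for the example.
    for h in ["s0ftpedia[.]pw", "www.softpedia.com", "softpedia.pw", "wikipedia.org"]:
        print(h, "->", lookalike_of(h))
```

Both the zero-for-"o" swap and the unexpected TLD are caught, because the comparison is made on the folded name label while the allow-list match is made on the full domain.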

Softpedia regulars have certainly noticed the recent redesign and identity update of our website and will likely be quick at recognizing the deceit. However, as a warning to everyone, please stay away from any site that “almost looks like” the old Softpedia.

The malicious website is not currently indexed by search engines such as Google, so it does not appear in web search results. However, users can end up on it by searching and clicking on results from legitimate sites that have been hacked solely for the purpose of redirecting users to the site that serves fake downloads.

Users are thus twice deceived, as the download is encountered in a reputable location, from what looks like a reputable source at a quick glance.

Additionally, note that the site appears to track subsequent visits from the same computer, and it will often look different the second or third time.

Make sure the download comes from the official source

We have already contacted the hosting provider to take down the website, but until the necessary action is carried out, attention should be paid to the download source, not just as far as Softpedia is concerned, but also for other legitimate locations providing software download services.

Based on previous experience (we've previously had to deal with megaupl0ad[.]org and a few variations), this may take a while, and naturally, the WHOIS information for the domain is hidden using a protection service.

Note that while most antivirus products will block those potentially malicious downloads and will warn that the web page includes dangerous content, this might not happen in all cases. It appears that multiple redirects are in use, which can at times confuse computer security solutions.