A few months ago, we warned that malevolent people were buying Google ads leading people to fake #GIMP websites to trick them into downloading malware.
Apparently this is still continuing to this day (as was reported to us). Google is still not blocking these fake ads despite the many reports and articles that have been published for months now. 😓

Be careful and always make sure where you download your software from. Also the GIMP project doesn't buy ads!

https://floss.social/@mithrandir@defcon.social/109773987578181949

mithrandir (@mithrandir@defcon.social)

Attached: 2 images

More malware from malicious Google ads. gemmp[.]shop and gliimp[.]click redirect to gilmp[.]org where gimp-2.10.32-setupx32x64.zip is downloaded from cdn.discordapp.com. After removing the excessive padding from the download, uploaded the exe to VirusTotal - going to dig into it a bit more later. https://www.virustotal.com/gui/file/6262cff03c465550e501f1f15c942d641a1a79edc4d52286abd8158a53aef220/detection #malvertising #malware #intel #gimp

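A defender-side illustration of the padding trick mentioned in that post, as an added example (not code from the thread or from the GIMP project): it detects a long trailing run of a single byte value, strips it, and reports the SHA-256 of both forms, so the stripped hash can be looked up while the original hash is kept for matching what actually landed on disk. The 4096-byte threshold and the sample blob are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed threshold: a trailing run of one byte value at least this long is
# treated as padding rather than as legitimate trailing data.
MIN_PADDING_RUN = 4096


@dataclass
class PaddingReport:
    original_size: int
    stripped_size: int
    pad_byte: Optional[int]      # value of the padding byte, or None if no padding found
    original_sha256: str
    stripped_sha256: str


def trailing_run_length(data: bytes) -> Tuple[int, Optional[int]]:
    """Return (length, byte value) of the run of identical bytes at the end of data."""
    if not data:
        return 0, None
    last = data[-1]
    run = len(data) - len(data.rstrip(bytes([last])))
    return run, last


def strip_padding(data: bytes, min_run: int = MIN_PADDING_RUN) -> PaddingReport:
    """Detect a long trailing run of one byte value; hash the file with and without it."""
    run, value = trailing_run_length(data)
    if run >= min_run:
        stripped, pad_byte = data[:-run], value
    else:
        stripped, pad_byte = data, None
    return PaddingReport(
        original_size=len(data),
        stripped_size=len(stripped),
        pad_byte=pad_byte,
        original_sha256=hashlib.sha256(data).hexdigest(),
        stripped_sha256=hashlib.sha256(stripped).hexdigest(),
    )


# Constructed sample: a small executable-like blob followed by 64 KiB of zero bytes.
SAMPLE = b"MZ" + b"\x90" * 300 + b"payload-body" + b"\x00" * 65536

if __name__ == "__main__":
    r = strip_padding(SAMPLE)
    print(f"{r.original_size} -> {r.stripped_size} bytes, pad byte {r.pad_byte}")
    print("original:", r.original_sha256)
    print("stripped:", r.stripped_sha256)
```

Because the real padding byte and length are unknown in advance, keep both hashes: the stripped one is for lookups, the original one is the indicator for the file users actually received.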
@GIMP I don’t understand who the main target for this is. You have to be knowledgeable enough to know what GIMP is, but fool enough to not recognize a scam or phishing website? I guess enough people are falling for it to make it worth their while?

@austincnunn GIMP is known by many people, even those who have no idea what Free Software is.
Last I had access to reliable download numbers (was a few years ago), we had about 50 thousand downloads a day of the Windows installer only. I.e. people going to our website and clicking the download button.
If attackers can get just a tiny percent of these downloads through ads, it will still be a lot.

Also phishing websites are perfect copies of ours (except for the installer, which is malware).

@GIMP The download numbers are always misleading. Do you have a rough active-install number? (not doubting anything else you said, just curious now)
@austincnunn We certainly don't gather such stats. We are not a data-based business (nor a business at all) and don't gather live data.
This being said, now that GIMP is also (since recently) on Microsoft Store (very tiny percentage of our Windows downloads), an "active devices" stat on their platform says 365,595 in the previous month (though no idea what these stats are based on; as said, we have no stats gathering code in GIMP itself, so where does Microsoft get "active devices" stats?).

@GIMP
Best case, they could just be counting the number of requests made to their update servers for each Store app.

Worst case, Windows could be regularly sending detailed telemetry on application usage in general.

Given Microsoft's data-rapacious business model, I suspect the latter is closer to reality.
@austincnunn