Team KeePassXC🚨 Warning: New FAKE website offering FAKE KeePassXC downloads! Do not fall for it. The correct domain is https://keepassxc.org without hypens!
Andreas SchneiderThe website is asking for your email address to access the downloads. We never ask for your email address. Do not enter your data there, it's a phishing attempt.
Eric@keepassxc
Methinks you should go buy as many typosquat domains as are available before copycats get to them.
Methinks you should go buy as many typosquat domains as are available before copycats get to them.
@eroc1990 We own several already, but it's a losing game and a pretty expensive one at that.
David@keepassxc @eroc1990
Yeah, that sounds like Whac-a-mole.
Anything else that can be done about it?
I just reported it to DuckDuckgo, it is the third result for "keepass xc" there currently -.-
Jani Tikkanen@dreua
Enter lots of fake emails to them? Possibly to domain that tarpits every access or something else that slows down them..
@keepassxc @eroc1990
Enter lots of fake emails to them? Possibly to domain that tarpits every access or something else that slows down them..
@keepassxc @eroc1990
saxnot
Kaito@eroc1990 @keepassxc 'good' point but people shouldn't have to do that...
Insignificant NagusI installed keepassxc yesterday in a hurry, normally I do pay a lot of attention to the URL, in hindsight not so sure...
So if I didn't have to enter an email, I should have chosen the right one? Or at least let's say, not this particular one?
Is the download malware that leaks the pw datatbase in plain text? Is the signature known to av programs?
Linus â“¥@insignificant_nagus
I guess you're using M$ Windows (otherwise you would have probably used a package manager).
If you still got the .MSI/.zip file, you can check the signature of the file like this:
https://keepassxc.org/verifying-signatures
(You can scroll all the way down for a simple hash sum check using PowerShell)
If it does match, your installer was legit :)
@keepassxc
I guess you're using M$ Windows (otherwise you would have probably used a package manager).
If you still got the .MSI/.zip file, you can check the signature of the file like this:
https://keepassxc.org/verifying-signatures
(You can scroll all the way down for a simple hash sum check using PowerShell)
If it does match, your installer was legit :)
@keepassxc