Notice - Non-official site with a tampered version of KeePass


KeePass is probably one of the most popular password managers. Simple, free and open source, it quickly became widely adopted at home and at work. Beware: a non-official website using a URL similar to the real one lets you download a tampered version of the password manager with adware bundled into it.


KeePass is one of the most popular password managers. It is open source and free, and many companies use it to store their passwords. The official website is keepass.info; however, a non-official website uses the « .fr » extension, the French top-level domain, instead of « .info ». Beware: the version you can download from that site contains adware.

On virustotal.com, a website that scans submitted files with many antivirus engines, the tampered application is flagged as malware: of 67 engines, 14 detected that the application contains unwanted adware.

Since you cannot be sure that your antivirus will detect the malicious code, there is a risk that a victim never realizes they have just installed an altered version of the software, especially since the password manager features are still fully present. Even though in this case the adware is not a direct threat to users or the company, in other cases the payload could have been spyware or ransomware.

It is also important to note that the non-official website uses HTTPS (green lock) to reassure visitors. A green lock does not guarantee that the website is official or that downloading software from it is safe. All the green lock proves is that the server on the other side is indeed keepass.fr and that the communication between your browser and the website is encrypted. No one can eavesdrop on your connection, but you can still download malware.

Conclusion

The main advice is to always double-check that you are downloading an application from the official website. In case of doubt, ask around and check several sources. You can also use a website like virustotal.com, which will scan any file and tell you whether it finds anything suspicious, before executing it on your computer.

The correct address for downloading KeePass is keepass.info. Beware of other extensions such as « .fr » or « .com ».
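As an added example (not code from the original notice or from the KeePass project), the two checks above can be automated before an installer is run: the download URL must point at the official host exactly, not a lookalike such as keepass.fr, and the file's SHA-256 must match the hash the KeePass project publishes on keepass.info. The host list, sample bytes and expected hashes below are constructed for illustration; the real hash must be copied from the official site, not from the download page itself.

```python
import hashlib
from urllib.parse import urlparse

# Assumed official hosts (constructed allowlist): only these may serve the installer.
OFFICIAL_HOSTS = {"keepass.info", "www.keepass.info"}


def is_official_download(url: str) -> bool:
    """True only for HTTPS URLs whose host is exactly an official KeePass host.

    The host is compared exactly, so keepass.fr (same name, other TLD),
    keepass.info.example (extra label) and user@host tricks are all rejected.
    A valid HTTPS padlock on the lookalike does not change this: it proves
    only that the server is the host in the URL, not that it is the publisher.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False
    return parsed.hostname in OFFICIAL_HOSTS


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the downloaded file contents."""
    return hashlib.sha256(data).hexdigest()


def verify_download(url: str, data: bytes, expected_sha256: str) -> tuple[bool, str]:
    """Combine both checks; return (ok, reason) so callers can log why a file was refused."""
    if not is_official_download(url):
        return False, f"unexpected host {urlparse(url).hostname!r}"
    digest = sha256_of(data)
    if digest != expected_sha256.lower():
        return False, f"sha256 mismatch: got {digest}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: stands in for installer bytes and a published hash.
    sample = b"abc"
    published = sha256_of(sample)
    print(verify_download("https://keepass.info/KeePass-Setup.exe", sample, published))
    print(verify_download("https://keepass.fr/KeePass-Setup.exe", sample, published))
```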

Thanks to Ivan Kwiatkowsi for sharing this information.
