From the “Now you see it, now you don’t” casefile – a website which until recently mimicked the look and feel of LightShot, the popular screenshot tool. The real thing can be found at

app(dot)prntscr(dot)com

The fake website set up shop at the below typosquatting address:

pirntscr(dot)com

Close, but no cigar (or screenshot taking app, for that matter).

The bogus page is pretty much a direct scrape of the real thing, and would likely fool a lot of people hunting for a screenshot app:

Fake site

The fake site is currently offline, but it’s possible it could return. The Goo.gl shortened URL which took unwary surfers to the supposed app displays 244 clicks since it was created 7 days ago.

The Malware the fake site was offering up isn’t downloadable at time of writing – Google has been very proactive about the whole thing and has flagged it as malicious:

Nope.

Sorry, this file is infected with a virus

Only the owner is allowed to download infected files.

As for the file itself (img_37835.scr), should it appear at another download location users of Malwarebytes Anti-Malware would find we detect it as Backdoor.Bladabindi (VirusTotal 23 / 57). The URL is also mentioned in connection to Malware targeting Steam users from about a month ago in the comments section of this Virus Total page.

Screenshot tools are great; fake typosquatting domains peddling Malware, not so much. Here’s to many days  of infection-free kitten screenshots ahead.

Christopher Boyd