[GNC] [GNC-dev] URGENT: Fake gnucash website with fake download, most likely compromised file

Fri Dec 9 19:07:12 EST 2022

OK sorry for the flood of email but as of 4:05PM US Pacific time the ad is
no longer showing for me either. So possibly already removed via my report
and others. As for the actual site there is nothing we can do, the
important thing is that it doesn't show up on Google. No trace of it on
Bing either. So I think we are good for now.

On Fri, Dec 9, 2022 at 4:02 PM Vincent Dawans <dawansv at gmail.com> wrote:

> You need to go to the main.php page link to see the fake site. Full link
> is https://gnu-cash.org/main.php or possibly
> https://www.gnu-cash.org/main.php
>
> Google ads are location and search history dependent so might not show up
> everywhere.
>
> Google has a separate tool to report phishing sites. But make sure you
> report the whole URL with the main.php
> https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
>
> That said the https://gnu-cash.org/main.php doesn't seem to work in
> incognito mode nor on microsft edge. Only on regular chrome does it open. I
> don't have another browser installed so can't test/
>
> On Fri, Dec 9, 2022 at 3:51 PM John Ralls <jralls at ceridwen.us> wrote:
>
>> I don't see that ad when I search Google for gnucash; when I type
>> https://www.gnu-cash.org/ into my browser's address bar I'm taken to a
>> page titled "Dot Com Inovations"[sic] with a heading "October 20, 2022" and
>> nothing at all about GnuCash.
>>
>> Not that there would be anything we could do about it if it did exist.
>>
>> Regards,
>> John Ralls
>>
>>
>> > On Dec 9, 2022, at 3:39 PM, Vincent Dawans <dawansv at gmail.com> wrote:
>> >
>> > Added screenshot showing fake gnucash site ad at top of google results.
>> >
>> > On Fri, Dec 9, 2022 at 3:31 PM Vincent Dawans <dawansv at gmail.com>
>> wrote:
>> >
>> >> Precision: the link to the fake site reported below is actually
>> >> https://gnu-cash.org/main.php -- you need the full page link to see
>> the
>> >> fake site that shows in the google ad.
>> >>
>> >> On Fri, Dec 9, 2022 at 3:24 PM Vincent Dawans <dawansv at gmail.com>
>> wrote:
>> >>
>> >>> I just typed gnucash in google and the first hit was an ad pointing to
>> >>> gnu-cash.org (with a dash). It is a fake site that is a carbon copy
>> of
>> >>> the official site but the download link goes to a setup.exe that is
>> most
>> >>> likely a corrupted virus file.
>> >>>
>> >>> We need this removed ASAP. There is an option in google to report the
>> >>> site and mark it as spam/phishing. I imagine if more people do this
>> it will
>> >>> get removed faster hopefully.
>> >>>
>> >>
>> > <fake-gnucash-site.png>_______________________________________________
>> > gnucash-devel mailing list
>> > gnucash-devel at gnucash.org
>> > https://lists.gnucash.org/mailman/listinfo/gnucash-devel
>>
>>