[GNC] [GNC-dev] URGENT: Fake gnucash website with fake download, most likely compromised file

Glenn Fowler gfowler1 at outlook.com
Fri Dec 9 19:41:21 EST 2022 

Thanks Vincent. If you could upload the file to virustotal that would help
as well.

On Fri, Dec 9, 2022 at 7:22 PM Vincent Dawans <dawansv at gmail.com> wrote:

> Glenn: I am on the US West coast. Oregon. The fake site was never on the
> default page but at https://gnu-cash.org/main.php -- but other users now
> report this just shows a blank page which is a good sign possibly.
>
> I still have a cached version (attached pic) you can see how the Windows
> download points to a fake page https://gnu-cash.org/download.php page
> (bottom left of the picture, link shows because I was pointing on it when I
> took the screenshot). When I clicked on that it downloaded a setup.exe file
> which I promptly deleted.
>
> On Fri, Dec 9, 2022 at 4:17 PM Glenn Fowler <gfowler1 at outlook.com> wrote:
>
>> I see the Dot Com Inovations as well. I tried Firefox & Edge. I'm in the
>> US. Vincent, where are you from?
>>
>> On Fri, Dec 9, 2022 at 6:50 PM John Ralls <jralls at ceridwen.us> wrote:
>>
>>> I don't see that ad when I search Google for gnucash; when I type
>>> https://www.gnu-cash.org/ into my browser's address bar I'm taken to a
>>> page titled "Dot Com Inovations"[sic] with a heading "October 20, 2022" and
>>> nothing at all about GnuCash.
>>>
>>> Not that there would be anything we could do about it if it did exist.
>>>
>>> Regards,
>>> John Ralls
>>>
>>>
>>> > On Dec 9, 2022, at 3:39 PM, Vincent Dawans <dawansv at gmail.com> wrote:
>>> >
>>> > Added screenshot showing fake gnucash site ad at top of google results.
>>> >
>>> > On Fri, Dec 9, 2022 at 3:31 PM Vincent Dawans <dawansv at gmail.com>
>>> wrote:
>>> >
>>> >> Precision: the link to the fake site reported below is actually
>>> >> https://gnu-cash.org/main.php -- you need the full page link to see
>>> the
>>> >> fake site that shows in the google ad.
>>> >>
>>> >> On Fri, Dec 9, 2022 at 3:24 PM Vincent Dawans <dawansv at gmail.com>
>>> wrote:
>>> >>
>>> >>> I just typed gnucash in google and the first hit was an ad pointing
>>> to
>>> >>> gnu-cash.org (with a dash). It is a fake site that is a carbon copy
>>> of
>>> >>> the official site but the download link goes to a setup.exe that is
>>> most
>>> >>> likely a corrupted virus file.
>>> >>>
>>> >>> We need this removed ASAP. There is an option in google to report the
>>> >>> site and mark it as spam/phishing. I imagine if more people do this
>>> it will
>>> >>> get removed faster hopefully.
>>> >>>
>>> >>
>>> > <fake-gnucash-site.png>_______________________________________________
>>> > gnucash-devel mailing list
>>> > gnucash-devel at gnucash.org
>>> > https://lists.gnucash.org/mailman/listinfo/gnucash-devel
>>>
>>> _______________________________________________
>>> gnucash-user mailing list
>>> gnucash-user at gnucash.org
>>> To update your subscription preferences or to unsubscribe:
>>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>>> -----
>>> Please remember to CC this list on all your replies.
>>> You can do this by using Reply-To-List or Reply-All.
>>>
>>

More information about the gnucash-user mailing list