[GNC] [GNC-dev] URGENT: Fake gnucash website with fake download, most likely compromised file

Vincent Dawans dawansv at gmail.com
Fri Dec 9 19:49:47 EST 2022


OK got the setup.exe back from my recycling bin and submitted it to
virustotal.
Here is the result:
https://www.virustotal.com/gui/file/15d333959c6bf4bc913a3526a7aae8855af60b08a2542ee245d18b79dc7eede5

On Fri, Dec 9, 2022 at 4:41 PM Glenn Fowler <gfowler1 at outlook.com> wrote:

> Thanks Vincent. If you could upload the file to virustotal that would help
> as well.
>
> On Fri, Dec 9, 2022 at 7:22 PM Vincent Dawans <dawansv at gmail.com> wrote:
>
>> Glenn: I am on the US West coast. Oregon. The fake site was never on the
>> default page but at https://gnu-cash.org/main.php -- but other users now
>> report this just shows a blank page which is a good sign possibly.
>>
>> I still have a cached version (attached pic) you can see how the Windows
>> download points to a fake page https://gnu-cash.org/download.php page
>> (bottom left of the picture, link shows because I was pointing on it when I
>> took the screenshot). When I clicked on that it downloaded a setup.exe file
>> which I promptly deleted.
>>
>> On Fri, Dec 9, 2022 at 4:17 PM Glenn Fowler <gfowler1 at outlook.com> wrote:
>>
>>> I see the Dot Com Inovations as well. I tried Firefox & Edge. I'm in the
>>> US. Vincent, where are you from?
>>>
>>> On Fri, Dec 9, 2022 at 6:50 PM John Ralls <jralls at ceridwen.us> wrote:
>>>
>>>> I don't see that ad when I search Google for gnucash; when I type
>>>> https://www.gnu-cash.org/ into my browser's address bar I'm taken to a
>>>> page titled "Dot Com Inovations"[sic] with a heading "October 20, 2022" and
>>>> nothing at all about GnuCash.
>>>>
>>>> Not that there would be anything we could do about it if it did exist.
>>>>
>>>> Regards,
>>>> John Ralls
>>>>
>>>>
>>>> > On Dec 9, 2022, at 3:39 PM, Vincent Dawans <dawansv at gmail.com> wrote:
>>>> >
>>>> > Added screenshot showing fake gnucash site ad at top of google results.
>>>> >
>>>> > On Fri, Dec 9, 2022 at 3:31 PM Vincent Dawans <dawansv at gmail.com> wrote:
>>>> >
>>>> >> Precision: the link to the fake site reported below is actually
>>>> >> https://gnu-cash.org/main.php -- you need the full page link to see the
>>>> >> fake site that shows in the google ad.
>>>> >>
>>>> >> On Fri, Dec 9, 2022 at 3:24 PM Vincent Dawans <dawansv at gmail.com> wrote:
>>>> >>
>>>> >>> I just typed gnucash in google and the first hit was an ad pointing to
>>>> >>> gnu-cash.org (with a dash). It is a fake site that is a carbon copy of
>>>> >>> the official site but the download link goes to a setup.exe that is most
>>>> >>> likely a corrupted virus file.
>>>> >>>
>>>> >>> We need this removed ASAP. There is an option in google to report the
>>>> >>> site and mark it as spam/phishing. I imagine if more people do this it will
>>>> >>> get removed faster hopefully.
>>>> >>>
>>>> >>
>>>> > <fake-gnucash-site.png>
>>>>
>>>

