Rudy Giuliani's Twitter typos are a malware trap! Don't click these
Mistyped web links take you nowhere good
Former New York City Mayor Rudy Giuliani is famous for making mistakes on TV, but it's his mistakes on Twitter than might infect your PC with malware.
The former presidential candidate, now serving pro bono as President Donald Trump's personal attorney, sometimes makes typos when he posts web links on his Twitter feed, which has more than 650,000 followers. On this past Saturday, (Feb. 16), he made three.
Crooks and pranksters have registered those mangled domain names and had fun with them. Two redirect to benign websites, but the third leads to a potentially malicious browser extension, as Malwarebytes' Jerome Segura wrote in a blog post today (Feb. 19).
- Best antivirus software: Protect your PC
- Best password managers
- Twitter lets you mute words with this simple trick
Saturday just wasn't a good day for Rudy. He began by posting a long tweet calling financier George Soros "enemy number one of the Republican Party" and an "anarchist." Giuliani implored his followers to "watchrudygiulianics.com Wednesday this week."
Soros is enemy number one of the Republican Party. He’s like an anarchist. He funded DAs who are letting criminals go free. And in Eastern Europe he uses our embassies to protect his organization and attack his enemies. https://t.co/WFcytLdmaR Wednesday this week. https://t.co/OHONO51MuvFebruary 16, 2020
The problem is that Giuliani's personal website is "rudygiulianics.com." There's no "watch" in the URL. But someone registered "watchrudygiulianics.com" and it now redirects to a drug-treatment website.
Not as charming was the link Giuliani posted a couple of tweets later. In that case, he wrote "Rudy Giulianics.com," so only the last part linked to anything.
Rudy Giuliani - Former Associate U.S. Attorney General & Former Mayor of New York CitySUBSCRIBE: Rudy https://t.co/cmLuQdUtOW https://t.co/3iLot6QCn2February 16, 2020
Lo and behold, someone registered "Guilianics.com." If you click on that link, it now tries to get you to install a very shady-sounding browser extension that admits it will change your default search engine.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
"When you see a domain registered with a Giuliani tweet with malware, that's not good for anybody," Segura told CNET.
Finally, Giuliani retweeted a fan's tweet and added another link to his own website, except that he left out the final "i", resulting in the link being "rudygiuliancs.com."
Thank you for a much too flattering portrait and for your support. Follow RUDY GIULIANI COMMON SENSE at https://t.co/zzGPt2N6WA and click subscribe. https://t.co/TdaepUL2H4February 16, 2020
Click on that, and you're redirected to the Wikipedia page about the Trump-Ukraine scandal, in which Giuliani plays a central role.
Segura points out that Giuliani, who was briefly President Trump's cybersecurity advisor, has become so famous for making digital gaffes -- Giuliani has butt-dialed reporters from his cell phone at least twice -- that people are counting on him to make mistakes.
"You're kind of relying on the user to make those typos and they happen once in a blue moon, so that's not ideal for attackers," Segura told CNET. "With him, just looking at the last few days, there were multiple occasions where he created links by mistake."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.