u/Expensive-Count3817

Image 1 — opencorelegacypatcher.net is another typosquatting site
Image 2 — opencorelegacypatcher.net is another typosquatting site
Image 3 — opencorelegacypatcher.net is another typosquatting site
Image 4 — opencorelegacypatcher.net is another typosquatting site

opencorelegacypatcher.net is another typosquatting site

opencorelegacypatcher.net is a typosquatting site full with annoying ads. It has nothing to do with the previous 2 cases of typosquatting. Likely they intentionally place ads so on those ads are clicking bots. It is again designed to look professional and the binaries are hosted on their own servers. Sometimes, clicking on Source code (zip) on the download page redirects to Dortania’s official repository instead.
Strangely enough, the SHA256 certificates of the packages matched Dortania’s own when I checked the last time a couple of months ago.

u/Expensive-Count3817 — 13 hours ago

opencorelegacypatchers.com is a typosquatting site

opencorelegacypatchers.com is a typosquatting site. It tries to look professional in order to steal traffic from Dortania’s repository. Not sure if it has malware because it’s not possible to test it in Triage since it demands for password inside Triage. It has nothing to do with the previous case - it’s completely different one.

u/Expensive-Count3817 — 1 day ago

opencorelegacypatcher.org is a typosquatting site impersonating Dortania to launch ClickFix attacks and install AsyncRAT

WARNING: opencorelegacypatcher. org is a malicious, typosquatting site.
This website is impersonating the legitimate project to launch "ClickFix" attacks and distribute the AsyncRAT malware. Do not visit or download anything from that site.
I have documented the full details of this threat in this security research repository: https://github.com/albert-mueller/OpenCore-Legacy-Patcher-T2/issues/103.
Clarification for the community:
• This GitHub repository is a defensive security advisory created to investigate and expose the malware.
• The repository does not contain the malware.
If you would like to help, please report the malicious website opencorelegacypatcher.org to their registrar, rather than reporting this repository.

u/Expensive-Count3817 — 2 days ago