Advanced DNS Security now detects and blocks malicious domains that impersonate
legitimate software providers.

Threat actors increasingly use domains that mimic legitimate software providers to
distribute fake or malicious software. By employing techniques like typo-squatting
or character substitution, these deceptive domains trick you into unwittingly
downloading trojanized versions of productivity applications or secure shell
clients. This exposes your network to system infections, data theft, and lateral
movement by threat actors who exploit the trust users place in familiar brand
names.

The Advanced DNS Security and Advanced DNS Security Resolver services now include a
specialized detection capability to proactively identify and block access to these
malicious domains.

Fake/Malicious software hosting domain detection leverages advanced techniques to
analyze DNS queries and responses in real time for indicators of impersonation. By
categorizing these threats under the existing Malware category with a specific
threat name (using the format <generic>:Fake_Software:<FQDN>), the service provides
you with granular visibility and proactive protection at the DNS layer. This ensures
a robust defense against sophisticated impersonation attacks before a network
connection is ever established.
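
For triage, the threat-name format above can be parsed to group hits by the flagged domain and the clients that queried it. This is an added example, not vendor code: the record fields (src, threat_name), the literal prefix "generic" and the sample domains are constructed for illustration, and <generic> is assumed to be an opaque prefix.

```python
import re
from collections import defaultdict

# Threat-name layout quoted on the page: <generic>:Fake_Software:<FQDN>.
# Assumption: <generic> is an opaque prefix and the FQDN is the final field.
THREAT_NAME = re.compile(r"^(?P<prefix>.+?):Fake_Software:(?P<fqdn>[^:\s]+)$")
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label (LDH rule)


def parse_fake_software(threat_name):
    """Return the normalized FQDN if the name follows the format, else None."""
    m = THREAT_NAME.match(threat_name.strip())
    if not m:
        return None
    # Normalize case and a trailing root dot so duplicates collapse.
    fqdn = m.group("fqdn").rstrip(".").lower()
    labels = fqdn.split(".")
    if len(fqdn) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return None  # malformed hostname: do not trust the record
    return fqdn


def triage(records):
    """Group hits by flagged domain, widest client exposure first."""
    clients = defaultdict(set)
    for rec in records:
        fqdn = parse_fake_software(rec.get("threat_name", ""))
        if fqdn:
            clients[fqdn].add(rec.get("src", "unknown"))
    return sorted(((d, sorted(s)) for d, s in clients.items()),
                  key=lambda item: (-len(item[1]), item[0]))


# Constructed sample records (hypothetical field names, reserved .test domains).
SAMPLE = [
    {"src": "10.0.0.5", "threat_name": "generic:Fake_Software:download.examp1e-ssh.test"},
    {"src": "10.0.0.9", "threat_name": "generic:Fake_Software:Download.Examp1e-SSH.test."},
    {"src": "10.0.0.5", "threat_name": "generic:Fake_Software:get.exarnple-office.test"},
    {"src": "10.0.0.7", "threat_name": "generic:Other_Threat:cdn.example.test"},
    {"src": "10.0.0.7", "threat_name": "generic:Fake_Software:bad host"},
]

if __name__ == "__main__":
    for domain, srcs in triage(SAMPLE):
        print(f"{domain}: {len(srcs)} client(s) -> {', '.join(srcs)}")
```

Clients listed against a flagged domain are the ones to check for a completed download through any path that bypassed DNS enforcement.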