AppImageLauncher icon indicating copy to clipboard operation
AppImageLauncher copied to clipboard
verified publisher icon TheAssassin

Impersonator/Phishing website?

Open jmakovecki opened this issue 4 months ago • 8 comments

Pre-submit checks

  • [x] I checked for similar issues beforehand, but could not find any, not even closed ones. I could not add my bug report to any existing issue.
  • [x] I am going to take the time to to fill in all the required details. I know that the bug report will be dismissed otherwise.

Describe the bug

A website seems to have popped up, which looks incredibly suspicious.

The website is !SUSPICIOUS! https://appimagelauncher.com !SUSPICIOUS!

At a glance it looks like an official website for the project, but a few things bother me:

  • it feels AI-generated
  • doesn't really mention the official GitHub project, aside from one link, which isn't even clickable and looks like an AI generation oversight. No contributing guidelines, no authors, nothing.
  • weird spelling mistakes ("Down Load Now" button)
  • doesn't redirect to GitHub for downloads, instead offering its own file (which I'm not downloading for security reasons, but should probably be run through virustotal)
  • lists contact email as [email protected] - what the...
  • there are barely any mentions of it on google, and even those are recent and might have just been people getting tricked (like here... https://www.reddit.com/r/linux/comments/1lucpta/i_have_made_a_python_app_to_make_appimage_files/)

Please look into it and either mention it here if it is official (which I doubt), or post a warning about impersonators and see what can be done in relation to having it taken down.

Expected behavior

An official website or none at all.

Steps to reproduce the issue

Google "AppImageLauncher" and see the site pop up at the top

Screenshots

No response

Distribution and desktop environment

N/A

Installed AppImageLauncher version

N/A

List of AppImages you tried

N/A

Additional context

N/A

jmakovecki avatar Aug 18 '25 11:08 jmakovecki

Looks like the domain was also only registered recently - 2025-6-18

jmakovecki avatar Aug 18 '25 12:08 jmakovecki

Thank you for the heads-up. Obviously, this is a fake website. Everyone, please feel free to contact their hosting provider, registrar, etc. I will do the same.

TheAssassin avatar Aug 18 '25 12:08 TheAssassin

Very weird. I downloaded the dodgy-looking zip and sent it to jotti but it found no obvious problems. Unzipped it and it just seems to be a tarball of the repo downloaded from Github, although maybe there was a hidden surprise somewhere.

If you search for the weird email address listed on the site, it turns up similar domain-squatting slop sites (incl. CrystalDiskMark, GrepWin and others). Some of them have links to other weird sites probably for SEO, but many don't.

Seems like a lot of work for little obvious reward...

DestyNova avatar Aug 19 '25 14:08 DestyNova

Great catch!

Here's some possible next steps:

Report for Malware / Phishing:

I've reported the website for Phishing or Potential Malware, because that's the most likely future target. You should do the same as well.

Report Links: Google Safe Browsing

My Report:

A popular open source project's exact match .com domain name is being used by someone falsely posing as the original distributor of the project, and has the potential to distribute malware in future.

Fake website: https://appimagelauncher.com/
Original Project Repository: https://github.com/TheAssassin/AppImageLauncher
Related GitHub issue: https://github.com/TheAssassin/AppImageLauncher/issues/737

Report to Registrar:

From whois looks like the registrar is Spaceship. They have an abuse report page.

Based on that page, the project owner / maintainers can / should report abuse to this email: [email protected]

Report to DNS / Hosting:

The hosting / DNS provider is Cloudflare. They also have a Phishing report link: https://abuse.cloudflare.com/phishing

I also suggest the project owner / maintainers to report to Cloudflare.

Report to ICAAN:

If the registrar doesn't respond to complain, you may report to ICAAN: https://www.icann.org/compliance/complaint

Domain name Transfer:

The final step that's possible is a domain name ownership transfer (UDRP) complain.

UDRP = Uniform Domain-Name Dispute-Resolution Policy. But this costs a lot of money: $1500 or more.

Domain name Suspension:

The alternative to UDRP is to report for domain name suspension with Uniform Rapid Suspension System (URS). This also costs money, but a bit less: $375

Hope this information was helpful!

fayaz-dev avatar Aug 20 '25 00:08 fayaz-dev

you actually have to pay to take down scammers? lol... the big guys are too big to bother having to worry about that: "let the peasants take out the trash themselves"

Spractral avatar Aug 27 '25 02:08 Spractral

Creating a dedicated website about this service might be the better way to go about this

itskokeh avatar Aug 30 '25 13:08 itskokeh

you actually have to pay to take down scammers? lol... the big guys are too big to bother having to worry about that: "let the peasants take out the trash themselves"

Most of the steps I've mentioned are free. But taking a domain name from someone who paid for it, needs a lot of work.

So what you are paying for, is kind of like a court fee. Yes, it's hilarious, but is it more hilarious than having to spend money for something like a divorce? 🤣

fayaz-dev avatar Aug 30 '25 19:08 fayaz-dev

this site shouldn't be up @TheAssassin

This was the first site I found when looking for a tool like this. I obviously didn't trust it due to no github and this github also doesn't point back to it. I'm not sure what efforts were taken, but 2 months after the site is still up, so its important to take measures. Chances are its already distributing malware so do your best to take it down.

Also consider the idea of getting this tool available on the official Debian/Ubuntu repos or something.

alb2001 avatar Oct 14 '25 08:10 alb2001