Trump confidant Rudy Giuliani has been spreading malware on Twitter

2025-04-27 17:14:19admin

Rudy Giuliani, President Donald Trump's current cybersecurity advisor, is inadvertently spreading malware thanks to his careless Twitter typos.

Hackers are buying up unregistered domain names erroneously shared on social media by the Trump confidant. The issue, known as "typosquatting," was discovered by Jerome Segura, a director of threat intelligence at cybersecurity company Malwarebytes, according to a report by CNET.

So what is typosquatting?

The word is a further play on the term “cybersquatting.” Cybersquatting is used to describe when someone registers a domain name, usually a brand name or a trademark, with the intent to sell it for a profit. Typosquatting is when someone misspells a URL and someone else purchases the unregistered typo-version of that domain name. Usually, this practice is done when the domain is misspelled in a major advertisement, article, or post. The typosquatter's aim here is to snipe the traffic from users who click on the URL without realizing it’s a misspelled version of the URL they actually want to visit.

In Giuliani’s case, the typosquatter for one of the misspelled URLs in his tweets happens to be a hacker looking to spread harmful malware. The specific tweet meant to share a link to his website “RudyGiulianiCS.com,” however, a space appears to have been inadvertently added in between the terms “Rudy” and “GiulianiCS.” Whoever registered the domain “Giulianics.com” decided to forward that URL to a website which attempts to install a malicious Google Chrome web browser extension.

The tweet, which was posted on Feb. 16, is still live on Twitter and is embedded below. DO NOT CLICK THE LINK.

Tweet may have been deleted

The very next tweet posted by Rudy Giuliani once again misspelled his own URL. This time he left out the final letter “i” in his name — right before the “CS.” The person who registered “RudyGiulianCS.com” has forwarded the domain to a YouTube music remix called “Fuck Trump.”

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Thankfully, there’s no malware associated with this tweet. So, feel free to click the link.

Tweet may have been deleted

Giuliani’s Twitter is followed by more than 650,000 accounts. That particular malware-linked tweet has now been retweeted more than 1,700 times.

The aforementioned tweets aren’t the first timeGiuliani’s typos have provided typosquatters with prime internet real estate.

In fact, the typo domain that’s spreading malware was first registered on Jan. 31, before Giuliani posted the tweet. One might assume the domain was registered by an enterprising hacker who's all too aware of the former New York City’s mayor history of typos.

Case in point: In 2018, a typosquatter purchasedan unregistered domain that Trump’s cybersecurity advisor misspelled. The typo domain forwarded users to a website proclaiming that “Donald Trump is a traitor to our country.”

The tweet, now more than a year old, is still up on Giuliani's Twitter.

Tweet may have been deleted

Cybersecurity expert Rudy Giuliani has routinely experienced failurein dealing with basic technology matters. Just late last year, Giuliani had to visit an Apple Store after forgettinghis passcode and locking himself out of his iPhone. Also, who can forget the time he accidentally buttdialeda reporter?

The lesson here? Beware of misspelling your domain name and alwayscheck the spelling on links you intend to click— especially if they’re URLs being shared by presidential cybersecurity advisor Rudy Giuliani.