-

Screenshot of fake KeePassXC website with hyphen and .com top-level domain.

2026-03-27 19:29:54

keepassxc@fosstodon.org

🚨 Warning: New FAKE website offering FAKE KeePassXC downloads! Do not fall for it. The correct domain is https://keepassxc.org without hypens!

2026-03-27 19:33:03

Team KeePassXC

keepassxc@fosstodon.org

The website is asking for your email address to access the downloads. We never ask for your email address. Do not enter your data there, it's a phishing attempt.

2026-03-27 19:40:08

Vovan

bleed@dostar.moe

@keepassxc

cc @kafazen

2026-03-27 19:44:37

Szymon Nowicki

sn@social.josko.org

@keepassxc sent email to abuse@dynadot.com and cloudflare abuse (NS records)

2026-03-27 20:06:28

𝕮𝖔𝖑𝖙

gremlin@critter.cafe

@keepassxc also reported to Dynadot. Maybe you Guys should claim similar Domains like this to prevent this BS.

2026-03-27 20:07:02

Paradox

nestab@infosec.exchange

@keepassxc 😆
from repository

2026-03-27 21:28:53

Harvest Malletus

harvestmalletus@tiggi.es

@keepassxc Jeeze people. Team KeePassXC is trying the best they can. It's absurd to think that a FREE project can just go out and buy $100,000 worth of typo domains. Do a little research into what you're clicking. I for one applaud the effort KeePassXC is making to try and calm it down, but give them a little slack.

2026-03-27 21:36:49

smalldog club ☑️

smalldog@social.smalldog.club

@keepassxc this reminds me to send a donation. Not to buy domains, but just because...

keepassxc is a fave.

2026-03-27 22:17:24

Pacman

pacman@swiss.social

@keepassxc It's curious that this risk is not mentioned on the KeypassXC.org website.

2026-03-27 22:30:11

John Maxwell

jmax@mastodon.social

@keepassxc - Well, if this one strips out the AI contributions...

2026-03-27 23:37:28

ohir

ohir@social.vivaldi.net

@keepassxc
You can take over malicious domain quite easy.

Then you really should take your product to the typo-safe domain name ASAP. Possibly leveraging current publicity.

UDRP process:
https://www.icann.org/en/contracted-parties/consensus-policies/uniform-domain-name-dispute-resolution-policy/uniform-domain-name-dispute-resolution-policy-01-01-2020-en

2026-03-28 00:36:47

TheTearMiser

TheTearMiser@mastodon.social

@keepassxc

Always Check Your Sources! 5 mins of reasearch saves a lifetime of chasing down your own accounts!

2026-03-28 00:50:56

Jeroen Gui :verified:

jeroengui@infosec.exchange

Website screenshot of keepass clone, showing cloudflare's "suspected malware" warning

@keepassxc

Takedown completed.

If similar sites appear in the future, don’t hesitate to reach out! Always happy to support FOSS projects in protecting their users.

You can also easily report new cases here: https://justguard.be/report

2026-03-28 05:07:26

saxnot :trans_flag: :clippy:

saxnot@chaos.social

@keepassxc in my opinion this is not a victimless crime
this is willful deceipt and if you want to cross your t's I would even argue it's a threat to national security.

KeePassXC does irreplaceable work for security for companys, agencys and individuals. Spreading malware by pretending to have a poisoned supply chain thus is a direct threat to the country of whomever judge reads this.
When not done on purpose then it's dangerous ignorance and thus no legal way out

2026-04-07 11:50:26

Raven Luni

RavenLuni@furry.engineer

@keepassxc Your brain is the only password manager you should ever need.

2026-04-07 17:06:57

Martin G. auf Hubzilla

marting@hub.hubzilla.de

@Raven Luni Can you remember and easily type a password with 380 bits of entropy that cannot be cracked using dictionary attacks?

ÝK¾Rî°¡¨òê²|Þ¬-B)º&4ºOmµE$Ã»Ö×£|

@Team KeePassXC

2026-04-09 02:25:33

Sabmes

sabmes@mastodon.social

@keepassxc Thanks for letting me know