My “heart” goes to the warning, not to the a*hole who did buy the domain name…
I don’t get how this happened. Did the person who originally bought the domain name deliberately sell the domain? The post seems rather unclear.
Deliberately unclear, I’d guess. It’s possible the owner forgot to renew it and it got grabbed. Doesn’t really matter though, it happened.
The kicad - pcb .org site now seems to be hosting an outdated clone of the official kicad site.
$ grep kicad /etc/hosts
(Had to edit the above, I’d inadvertently created a link to k***d-p*b.o*g !)
I have added it to my pi-hole blocklist.
Written by The KiCad Development Team
The KiCad team has become aware of an unknown actor running Google Ads pointing to a clone of the official kicad.org site. This site serves an unknown payload targeting Windows when the Download button on the front page is clicked.
Unforunately, due to the nature of this attack, the options for action by the KiCad team remain limited.
We advise users to remain diligent on the internet. In particular it is best to never click Sponsored Links in Google Search results as the KiCad team does not have money to waste on such an endeavour nor does Google care to vet their ads.
KiCad continues to operate from kicad.org and all Windows downloads remain codesigned with our EV Certificate for verification.
We have a guide for verifying downloads on Windows here: Windows Installer Verification | KiCad EDA
Which should be used with the listed verification signatures here: Windows Downloads | KiCad EDA