Windows 10 News and info | Forum
Topic: New Android Trojan Leads Users to Scam Sites via Notifications
Author: javajolt
« on: June 15, 2019, 03:00:58 AM »

A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.

Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google.

While the apps were only installed by a little over 1000 users, the malware operators could publish other similar apps at any time on the Play Store and might also be switching to more aggressive attack methods such as redirecting victims to malicious payloads, launching phishing attacks targeting bank customers, or spreading fake news.

For instance, "Potential victims can think the fake notification is real and tap it only to be redirected to a phishing site, where they will be prompted to indicate their name, credentials, email addresses, bank card numbers, and other confidential information," Doctor Web explains.


Two of the malicious apps

When the malicious fake apps are first launched, the Android.FakeApp.174 Trojan loads a site hardcoded in its settings using the Google Chrome web browser, a website which asks the targets to allow notifications under the guise of verifying that the user is not a bot.

Upon agreeing to enable web push notifications for "verification purposes," the compromised device's owner is subscribed to the site's notifications and will be spammed with dozens of notifications sent by Chrome using Web Push technology.

This tech makes it possible to send alerts when the web browser is closed, when the website is not open in the browser, and even after the Trojan is completely removed from the system, as explained by Doctor Web.


Verification dialogs asking for notification permissions

"These messages are displayed on the device notification panel and may be mistaken for system messages. They may look like notifications from social media, dating websites, news agencies, and other well-known online services," says Doctor Web.

These push notifications can pose as a wide range of alerts ranging from new social media messages and news to new social media events and notifications seemingly being pushed by applications installed on the device.

The crooks use these camouflaged push notifications to redirect the victims to various types of scam sites such as "advertising of casinos, betting shops, various Google Play applications, discounts and coupons," as well as more treacherous "fake online polls and prize drawings, aggregators of partner links, and other online resources that vary depending on the country of residence of the user."


Spam push notifications and the scam sites they redirect to

The Doctor Web researchers think that the Android.FakeApp.174 Trojan creators "will make more active use of this method to promote questionable services, so mobile users should be careful while visiting websites and not subscribe to notifications if the website is unfamiliar or suspicious."

Android users who already have been tricked into subscribing to this type of spam web push notifications are advised to go through the following steps to get rid of them:

Quote
■ Go to the Google Chrome settings, select Site Settings and then Notifications;

■ On the list of websites with notifications, find the website address, tap it, and select Clear & reset.

