Friday, March 26, 2021

Google Chrome Users Are at Risk of Malicious Notifications | Free Antivirus

Virus analysts discovered Android.FakeApp.174, which uploads suspicious websites to the Google Chrome browser. Google Chrome users are registered for push notifications without their consent. These are sent even when the browser is closed. You could also believe that they are real. Such notifications not only disrupt work with Android devices but can also lead to the theft of money and confidential data.

Web push technology enables websites to send notifications to the user with the consent of the user, even if a website is not open in the browser. This feature is useful and convenient when dealing with harmless content. For example, you can find out about new posts on social networks in this way. News outlets can also notify their subscribers of new posts. However, the technology is being misused by cybercriminals and unscrupulous advertisers to distribute advertisements and fraudulent notifications from hacked or malicious websites.

These notifications are supported in browsers on both PCs and laptops and mobile devices. Typically, if the victim clicks on a link or banner ad, they end up on a dubious website. Android.FakeApp.174 is one of the first Trojans to help cybercriminals to increase the number of visitors to these pages and to generate such notifications for smartphone and tablet users.

Android.FakeApp.174 is distributed under the guise of a well-known app. Two such modifications of the Trojan were discovered by our virus analysts on Google Play in early June. After contacting Google, the malware was removed. Nonetheless, the app was downloaded by over 1,100 users.

Malicious Notifications 2| Free Antivirus


 

When it starts, the Trojan downloads a website in the Google Chrome browser, the address of which is specified in the settings of a malicious app. This page redirects the user to the pages of various partner programs. You will then be asked to allow the receipt of notifications on each of these pages. To convince the victim of this, some kind of check is carried out (e.g. that the user is not a robot) or a hint is given as to which button to click. This should generate more subscriptions. Examples of such requests are shown in the following screenshots:   

After the subscription is activated, these websites start sending the user numerous notifications about the questionable content. They are received even if the browser is closed and the Trojan has already been deleted. The content can be anything, including false notifications about the receipt of cash bonuses or transfers, new messages on social networks, advertising horoscopes, casinos, goods and services, and even «news».

Many of them look like real notifications from real online services. For example, they have the logo of a bank, a dating website, a news agency, or a social network. Android device owners can receive dozens of such spam messages every day.

Although these notifications also contain the address of the relevant website, they can be overlooked by an ignorant user. Examples of fraudulent notifications are as follows:   

   

If you click on such a notification, you will be redirected to the website with questionable content. This can include advertising for casinos and different apps on Google Play, discount, and voucher offer as well as fake online surveys and competitions, which vary depending on the location of the user. Examples of such websites are as follows:

Malicious Notifications 1 | Free Antivirus

   

Many of these websites are involved in known fraudulent programs. Cyber ​​criminals are also able to launch an attack at any time to steal sensitive data. A potential victim can click on a fake notification, go to a phishing site and provide their name, login, password, email address, credit card number, or other sensitive information.

Find the best free antivirus to protect your device from cybercriminals

Malware analysts believe that cybercriminals will continue to actively use this method to promote dubious services. Android users should therefore carefully check websites for suspicious requests and unwanted notifications when they visit websites. If for any reason, you have subscribed to unsolicited spam notifications, you should do the following:

·         Go to «Settings» => «Website Settings» => «Notifications» in Google Chrome.

·         Find the relevant website in the list, click on it and select "Reset permissions" or "Delete".

Dr.Web products for Android finds and deletes all known modifications of Android.FakeApp.174. Therefore, the Trojan does not pose a threat to our users.

No comments:

Post a Comment

What Is a ListentoYouTube Virus and How to Remove This?

On the off chance that you were searching for an approach to convert YouTube videos to MP3, you may have discovered the ListentoYouTube viru...