Virus analysts discovered Android.FakeApp.174, a Trojan that loads dubious websites in the Google Chrome browser. Google Chrome users are subscribed to push notifications from these sites without their consent. The notifications are sent even when the browser is closed, and they can be mistaken for real ones. Such notifications not only disrupt work with Android devices but can also lead to the theft of money and confidential data.
Web push technology enables websites to send notifications to users, with their consent, even when the website is not open in the browser. This feature is useful and convenient when dealing with harmless content. For example, social networks can use it to tell you about new posts, and news outlets can notify their subscribers of new articles. However, the technology is being misused by cybercriminals and unscrupulous advertisers to distribute advertisements and fraudulent notifications from hacked or malicious websites.
These notifications are supported by browsers on PCs, laptops and mobile devices. Typically, if the victim clicks on a link or banner ad, they end up on a dubious website. Android.FakeApp.174 is one of the first Trojans to help cybercriminals increase the number of visitors to these pages and to generate such notifications for smartphone and tablet users.
Android.FakeApp.174 is distributed under the guise of a well-known app. Two such modifications of the Trojan were discovered by our virus analysts on Google Play in early June. After Google was contacted, the malware was removed. Nonetheless, the app was downloaded by over 1,100 users.
When it starts, the Trojan loads a website in the Google Chrome browser; the address of this website is specified in the settings of the malicious app. This page redirects the user to the pages of various partner programs. On each of these pages, the user is asked to allow notifications. To persuade the victim to agree, the page claims that some kind of check is being carried out (e.g. that the user is not a robot) or gives a hint as to which button to click. This is intended to generate more subscriptions. Examples of such requests are shown in the following screenshots:
After the subscription is activated, these websites start sending the user numerous notifications with questionable content. The notifications arrive even if the browser is closed and the Trojan has already been deleted. The content can be anything, including false notifications about the receipt of cash bonuses or transfers, new messages on social networks, advertisements for horoscopes, casinos, goods and services, and even «news».
Many of them look like real notifications from real online services. For example, they carry the logo of a bank, a dating website, a news agency, or a social network. Android device owners can receive dozens of such spam messages every day.
Although these notifications also contain the address of the website that sent them, an inexperienced user can easily overlook it. Examples of fraudulent notifications are as follows:
If you click on such a notification, you will be redirected to a website with questionable content. This can include advertising for casinos and various apps on Google Play, discount and voucher offers, as well as fake online surveys and competitions, which vary depending on the location of the user. Examples of such websites are as follows:
Many of these websites are involved in known fraudulent programs. Cybercriminals are also able to launch an attack at any time to steal sensitive data. A potential victim can click on a fake notification, go to a phishing site and provide their name, login, password, email address, credit card number, or other sensitive information.
Malware analysts believe that cybercriminals will continue to actively use this method to promote dubious services. Android users should therefore carefully check the websites they visit for suspicious requests and unwanted notifications. If, for any reason, you have subscribed to unsolicited spam notifications, you should do the following:
· Go to «Settings» => «Website Settings» => «Notifications» in Google Chrome.
· Find the relevant website in the list, click on it and select "Reset permissions" or "Delete".
Dr.Web products for Android find and delete all known modifications of Android.FakeApp.174. Therefore, the Trojan does not pose a threat to our users.
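
To review notification subscriptions in bulk rather than one site at a time, the following added example (not part of the original article and not Dr.Web code) lists the origins allowed to send notifications and flags several grants made within minutes of each other, the trace that the redirect chain described above would leave. It assumes the Preferences JSON layout of a Chrome profile (`profile.content_settings.exceptions.notifications`, `setting` 1 = allow, `last_modified` in microseconds since 1601); the sample data, origins and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

ALLOW = 1  # Chrome ContentSetting value for "allow" (2 = block)
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample in the assumed Preferences layout; origins are placeholders.
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://news.example:443,*": {"last_modified": "13204000000000000", "setting": 1},
    "https://partner-a.example:443,*": {"last_modified": "13205000000000000", "setting": 1},
    "https://partner-b.example:443,*": {"last_modified": "13205000030000000", "setting": 1},
    "https://partner-c.example:443,*": {"last_modified": "13205000075000000", "setting": 1},
    "https://blocked.example:443,*": {"last_modified": "13205000080000000", "setting": 2},
}}}}})

def allowed_origins(prefs_text):
    """Return [(origin, granted_at)] for sites allowed to notify, oldest first."""
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, meta in entries.items():
        if meta.get("setting") != ALLOW:
            continue  # blocked or "ask" entries cannot push notifications
        origin = pattern.split(",")[0]  # drop the secondary "*" pattern
        micros = int(meta.get("last_modified", "0"))
        grants.append((origin, WEBKIT_EPOCH + timedelta(microseconds=micros)))
    return sorted(grants, key=lambda g: g[1])

def grant_bursts(grants, window=timedelta(minutes=5), min_sites=3):
    """Group grants that each follow the previous one within `window`."""
    bursts, current = [], []
    for origin, ts in grants:
        if current and ts - current[-1][1] > window:
            if len(current) >= min_sites:
                bursts.append([o for o, _ in current])
            current = []
        current.append((origin, ts))
    if len(current) >= min_sites:
        bursts.append([o for o, _ in current])
    return bursts

if __name__ == "__main__":
    grants = allowed_origins(SAMPLE_PREFS)
    for origin, ts in grants:
        print(ts.isoformat(), origin)
    print("granted in one burst:", grant_bursts(grants))
```

Origins reported in a burst are the first candidates for "Reset permissions" or "Delete" in the steps above.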

