Geeks for your information News Privacy & Security News v
Push Technology Used in Mobile Attacks
Push Technology Used in Mobile Attacks
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
17 June 19, 17:47
Quote:Researchers have detected an Android trojan that abuses the web push technology. In its benign use, web push is used by legitimate websites -- such as news sites -- to send out new event notifications. The less benign use is to employ the technology to send out what amounts to phishing notifications.
 
Android.FakeApp.174 was discovered by Doctor Web researchers in two apps on Google Play. These have since been removed. The malware pretends to be the official app of a major brand. However, when the app is launched, it opens a series of websites in Chrome. Each website asks the user to allow notifications -- sometimes openly, and sometimes disguised as verification proof that the user is human and not a robot.
 
If notifications are allowed by the user, those websites start sending out dubious content. The notifications are received and displayed in the Android status bar even if the browser is closed, and even if the app has been removed. The contact is now between the website and the device -- and the user has given permission for the website to contact it. 
 
The content delivered is dubious to say the least, "from false notifications about cash bonuses or transfers or new messages on social media to advertisements of horoscopes, casinos, goods and services, even various 'news'." Since the attacker has control over the notifications, it could be anything. Examples found by Doctor Web include links to casino sites, adult sites, phishing sites, and snake oil medicines.

"Many of these resources," warn the researchers, "are involved in well-known fraudulent schemes for stealing funds, but attackers can also launch an attack to steal confidential data at any time. For example, by sending an 'important' notification via the browser on behalf of a bank or a social network. Potential victims can think the fake notification is real and tap it only to be redirected to a phishing site, where they will be prompted to indicate their name, credentials, email addresses, bank card numbers, and other confidential information."

SOURCE: https://www.securityweek.com/push-techno...le-attacks
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Messages In This Thread
Push Technology Used in Mobile Attacks - by silversurfer - 17 June 19, 17:47

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Intel Arc G3 Panther Lake series for han...
Intel G3 with LPDD...harlan4096 — 07:32
Core Ultra 7 270K Plus and Ultra 5 250K...
Intel reportedly ‘ca...harlan4096 — 11:27
Core Ultra 7 270K Plus and Ultra 5 250K ...
Intel’s Core Ultra...harlan4096 — 11:09
Adobe Acrobat Reader DC 2025.001.21184
Adobe Acrobat Read...harlan4096 — 10:45
Manjaro Linux 26.0.2 Build 260206
Manjaro Linux 26.0...harlan4096 — 17:06

[-]
Birthdays
Today's Birthdays
avatar (49)tsorenHievy
Upcoming Birthdays
avatar (47)hapedDow
avatar (46)komriwat
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (50)neuthrusBub
avatar (30)script6027529171
avatar (46)myhotseeve
avatar (46)Edwinmub
avatar (46)dimaWeami
avatar (41)svoyaEnuct
avatar (39)TranoTymn
avatar (39)MezirLal
avatar (50)listfquoto
avatar (46)dima6sarPrave
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>