Security researchers discovered yet another Android Trojan that uses push notifications to trick users into subscribing to dubious sites. The Trojan is known under the Android.FakeApp.174 detection name.
Android.FakeApp.174 In Detail
Android.FakeApp.174 uses Google Chrome to load questionable websites that subscribe users to advertising notifications, said researchers at Dr. Web. What is most annoying about this Trojan is that the notifications appear even when the browser is closed. As a result, they may be mistaken for system notifications, which increases the chance that users interact with them. Affected users may lose money and confidential information, researchers warn.
There have been multiple cases of cybercriminals and scammers taking advantage of the otherwise useful Web Push technology. Scammers are widely abusing the technology by spreading advertising and fraudulent notifications that stem from hacked or malicious websites.
According to the researchers’ report, Android.FakeApp.174 is one of the first Trojans that helps attackers increase the number of visitors to fraudulent websites and subscribe users of smartphones and tablets to such notifications.
Not surprisingly, the Trojan is distributed with the help of useful programs. But how does Android.FakeApp.174 operate?
Once the Trojan is launched, it loads a specially crafted website in the Chrome browser. Depending on its parameters, the website performs several redirects to pages of various affiliated programs. These pages prompt the user to allow push notifications, hiding their true intentions under the pretense of verification. This method increases the chances of successful subscriptions.
What happens after the user has subscribed? The websites start sending out a large number of notifications of suspicious nature.
Notifications are visible in the status bar of the operating system even when the browser is closed and the Trojan has been removed. “The contents can be anything, from false notifications about cash bonuses or transfers or new messages on social media to advertisements of horoscopes, casinos, goods and services, even various ‘news,’” the researchers warned.
It’s important to note that the notifications associated with Android.FakeApp.174 look like real notifications from online services and apps installed on the compromised device: they carry logos of banks, dating websites, news agencies and social networks, as well as banners. The number of received notifications is very high.
Once the user has clicked on one of these notifications, they are redirected to a suspicious website that may be promoting casinos, betting shops, various Google Play applications, discounts and coupons, fake online polls and prize drawings, aggregators of partner links, and other online resources that vary depending on the user's country of residence, the report noted.
Security researchers believe that cybercriminals will utilize this method more actively in the future to promote their dubious services.
If you have subscribed to such notifications, you can do the following:
1. Go to the Google Chrome settings, select “Site Settings” and then “Notifications”;
2. On the list of websites with notifications, find the website address, tap it, and select “Clear & reset”.