Doctor Web warns that owners of mobile devices running the Android operating system are threatened by a new malware β the Android.FakeApp.174 Trojan.
The malware downloads dubious websites into the Google Chrome browser, where users are subscribed to advertising notifications. Attackers use Web Push technology, which allows sites, with the consent of the user, to send notifications to him, even when the corresponding web pages are not open in a web browser.
Displayed notifications interfere with Android devices. Moreover, such messages may be mistaken for legitimate ones, leading to the theft of money or confidential information.
The Android.FakeApp.174 Trojan is distributed under the guise of useful programs, such as official software from well-known brands. Such applications have already been seen in the Google Play Store.
When launched, the malware loads a website in the Google Chrome browser, the address of which is specified in the settings of the malicious application. From this site, in accordance with its parameters, several redirects to the pages of various affiliate programs are performed in turn. On each of them, the user is prompted to allow receiving notifications.
After activating the subscription, sites begin to send the user numerous notifications of dubious content. They come even if the browser is closed and the Trojan itself has already been removed, and are displayed in the status bar of the operating system.
Messages can be of any nature. These can be false notifications about the receipt of funds, advertising, etc. When clicking on such a message, the user is redirected to a site with questionable content. These are advertisements for casinos, bookmakers and various applications on Google Play, offers of discounts and coupons, fake online surveys, fictitious prize draws, etc. In addition, victims can be redirected to phishing resources created to steal bank card data.
Source: 3dnews.ru