Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Avatar
Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. “While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out,” c/side researcher Himanshu Anand said in a Tuesday analysis. “The malicious landing

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam.

“While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out,” c/side researcher Himanshu Anand said in a Tuesday analysis.

“The malicious landing page is a full-blown Progressive Web App (PWA), likely aiming to retain users longer and bypass basic browser protections.”

The campaign is designed to explicitly filter out desktop users, primarily focusing on mobile users. The activity has been described as a client-side attack that uses third-party JavaScript and only triggers on mobile devices.

The use of PWAs, a type of application built using web technologies that provide a user experience similar to that of a native app built for a specific platform like Windows, Linux, macOS, Android, or iOS, is seen as an attempt to sidestep security protections.

The attacks involve injecting websites with JavaScript code that acts as a loader to trigger the redirection when the site is visited from devices running on Android, iOS, and iPadOS, among others.

The redirections are designed to lead the users to adult content websites or other intermediary redirect pages advertising apps for viewing adult content. The pages subsequently take the victims to a fake app store listing for the supposed Android and iOS apps in question.

“The use of PWAs suggests attackers are experimenting with more persistent phishing methods,” Anand said. “The mobile-only focus allows them to evade many detection mechanisms.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Previous Post

Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

Next Post

How to Detect Phishing Attacks Faster: Tycoon2FA Example

Related Posts

U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000
Avatar
Read More

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world. The operation, the agency said, was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. Europol said the investigation into the syndicate
Avatar
Read More