Category Archives: Leaks

Android Users Spammed With Fake Missed Call Alerts

Scammers abuse the Notifications API and Push API in the browser on Android devices to send spam alerts that are dressed up to look like a missed call.

Both are browser APIs used for push notifications: short messages intended to re-engage the user. The Push API lets a server deliver a message to a site's service worker even when the site is not open, and the Notifications API displays the resulting card, so an alert can be triggered either by the page itself or by a remote server.

“The Notifications API lets us display notifications to the user. It is incredibly powerful and simple to use. Where possible, it uses the same mechanisms a native app would use, giving a completely native look and feel,” reads the description for the Notifications API.

Chrome's icon as changed by the scammer

Lookout's Phishing AI service has intercepted a campaign that is currently sending notifications to mobile users in which the icon of the app that triggers the alert, in this case Google Chrome, has been replaced with a custom one.

To hide the origin, the fraudsters replaced the browser icon with a telephone icon and titled the alert "missed call", so that it passes for a missed-call notification. The message tells the user that an iPhone XS is waiting for them.

This is powerful social engineering because users often rely on visual indicators to identify the source of a warning.

Jeremy Richards, a security researcher at Lookout, said in a statement to BleepingComputer: "Scammers are looking to take advantage of the fact that we're primed to identify certain icons we normally associate with system messages (in this case the icon of the telephone)."

It is important to note that the notification is only displayed if the victim has previously accepted notifications from the spam domain; the browser's permission prompt is the only gate, and once granted it persists for that origin until revoked. This also means that a site which has already gained the user's trust, and the permission that comes with it, can be used for this type of phishing campaign.
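The flow described above, as an added example that is not code from the article, from Lookout or from Google: the page-side permission check, the service-worker push handler and the click handler that a site (legitimate or not) uses to put a card on the screen. The browser objects (the `Notification` interface, a `ServiceWorkerRegistration`, the push event and the worker's `clients`) are passed in as parameters so the logic can be exercised offline in Node with stubs; the origin `https://spam.example`, the icon path `/phone-handset.png` and the card text are constructed for illustration.

```javascript
// Added example, not code from the article. Every field of the card except the
// permission state comes from the site: title, body, icon, badge, tag, data and
// actions are all free-form Notifications API options. Only the browser name
// and origin shown in the card header are rendered by the OS/browser itself.

// The payload the spam site hands to showNotification(). Title and icon are
// what make the card look like a missed-call alert rather than a web notification.
function buildMissedCallCard(origin) {
  return {
    title: "Missed call",
    options: {
      body: "You have an iPhone XS waiting for you",
      icon: `${origin}/phone-handset.png`,   // replaces the site icon on the card
      badge: `${origin}/phone-handset.png`,  // monochrome glyph in the Android status bar
      tag: "missed-call",                    // repeated alerts collapse into one card
      data: { url: `${origin}/claim` },      // consumed by the notificationclick handler
      actions: [{ action: "open", title: "Call back" }],
    },
  };
}

// Page side. `notificationApi` mirrors the global `Notification` object:
// { permission: "default"|"granted"|"denied", requestPermission(): Promise<string> }.
// `registration` mirrors ServiceWorkerRegistration: { showNotification(title, options) }.
// Permission is granted per origin and persists, so this prompt is the only gate.
async function showIfPermitted(notificationApi, registration, card) {
  let state = notificationApi.permission;
  if (state === "default") {
    state = await notificationApi.requestPermission();
  }
  if (state !== "granted") {
    return false;
  }
  await registration.showNotification(card.title, card.options);
  return true;
}

// Service-worker side: a server push arrives as a PushEvent whose body the
// server chose; the worker turns it straight into a card, no further prompt.
// `pushEvent` mirrors { data: { json(): object } }.
async function onPush(pushEvent, registration) {
  const msg = pushEvent.data.json();
  await registration.showNotification(msg.title, msg.options);
  return msg.title;
}

// Service-worker side: clicking the card opens the URL carried in `data`.
// `clients` mirrors the worker's Clients object: { openWindow(url) }.
async function onNotificationClick(notification, clients) {
  notification.close();
  const url = notification.data && notification.data.url;
  if (url) {
    await clients.openWindow(url);
  }
  return url || null;
}

// Offline demonstration with stubbed browser objects (constructed for this example).
async function demo() {
  const shown = [];
  const registration = {
    showNotification: async (title, options) => { shown.push({ title, options }); },
  };
  const denied = { permission: "denied", requestPermission: async () => "denied" };
  const prompting = { permission: "default", requestPermission: async () => "granted" };
  const card = buildMissedCallCard("https://spam.example");

  const first = await showIfPermitted(denied, registration, card);      // nothing shown
  const second = await showIfPermitted(prompting, registration, card);  // card shown

  const opened = [];
  const clicked = await onNotificationClick(
    { data: shown[0].options.data, close() {} },
    { openWindow: async (u) => { opened.push(u); } },
  );
  return { first, second, shownCount: shown.length, shownTitle: shown[0].title, clicked };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

The point to take from the stubs: once `permission` is `"granted"`, neither the push path nor the click path asks the user anything again, and the icon, title and target URL are chosen entirely by the sending origin.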

The following is a brief list of domains that send spam via mobile device push notifications:

  • getitfree-samples.com
  • click4riches.info
  • consumertestconnect.com
  • foundmoneyguide.com
  • yousweeps.com

Not all notification spam uses this icon-swapping trick; the rest relies on messages tempting enough to net a few victims anyway.

Same approach for desktops

Richards saw this activity on Android phones; push notifications for Safari on iOS were not supported at the time. The same approach works on the desktop, however: Safari and Chrome there support web notifications, which can be used to create a fake card. A user who skims the text and sees a Slack icon can easily be persuaded to click the alert and land on a phishing site that collects credentials.

On mobile devices the same alert is even more believable: apart from the name of Chrome, the app that triggers it, and the domain that sends the spam, nothing in the card reveals the deception. Once the Chrome icon is swapped out, those two strings are the only evidence of tampering.

Peter Beverloo, a Google software engineer, has built a notification generator for testing how a push card appears on desktops and mobile devices. The tool lets you enter a custom title and body text and add the images and controls a notification supports: icon, badge, image, and actions.


Another NSA Leaker Identified and Charged

In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified. It might have been this: "At the agency, prosecutors said, Mr. Hale printed 36 documents from his Top Secret computer."

The article talks about evidence collected after he was identified and searched:

According to the indictment, in August 2014, Mr. Hale's cellphone contact list included information for the reporter, and he possessed two thumb drives. One thumb drive contained a page marked "secret" from a classified document that Mr. Hale had printed in February 2014. Prosecutors said Mr. Hale had tried to delete the document from the thumb drive.

The other thumb drive contained Tor software and the Tails operating system, which were recommended by the reporter's online news outlet in an article published on its website regarding how to anonymously leak documents.