dfndr News

dfndr lab Uncovers Potentially Malicious Google Chrome Scam

Hackers never seem to rest; luckily for you, neither does the security team at dfndr lab. Recently, our team discovered a new technical loophole within Google Chrome that may lead to unauthorized use of your device. The latest scam takes advantage of the popular web browser’s notification system; drowning users in permission requests until they give in out of pure exhaustion. How does such a scam work, and how does it aim to hijack your Android device with malware?

A Dangerous Loophole in Chrome
When a website wishes to deliver notifications to your device from within Google Chrome, a small popup will appear on your screen. From here, users can either select to ‘Allow’ or ‘Block’ the website from displaying such content. Chrome is now supposed to log your decision and prevent the site from asking you again, but there’s a problem – clever web programming has found a way around this system.

One method of fighting against this type of scam is to use dfndr security on your Android device. dfndr security offers a full virus scan and an advanced anti-hacking feature; these include scanning your device from top to bottom for malware, while also preventing dubious websites from touching your device by blocking malicious links. In a short period, the dfndr lab team has detected and blocked over 10,000 attempts of the Chrome-based scam.

Inner Workings of the Google Chrome Scam
The clever loophole behind the scam takes advantage of the fact that Chrome blocks a website from asking for permissions based on the primary domain, but not the subdomain. A subdomain is the part of a web address that proceeds the primary. For example, if you were to access, ‘www.login.yourbank.com,’ the ‘yourbank’ part of the address is the primary domain, and the ‘login’ part of the address is the subdomain.

Due to this flaw, if a website wants to ask for repeated permissions continuously, the site programmer can merely swap between multiple subdomains until the user chooses to allow consent. Research at dfndr lab has shown this practice of websites using a slew of subdomains is an attempt to force an individual into accepting.

But, how does this practice lead to your device becoming infected with malware and eventually hijacked? Once a malicious website displays notifications on your device, it can then attempt to showcase content that you think comes from your operating system. You might see what appears to be a valid prompt for an update, unknowingly tap on it, and download malware that could take over your device.

Staying Protected Against the Attack
Besides downloading an antivirus solution for your device, if you still stumble upon the scam, your best bet is to try and close out the webpage, so that it can no longer ask for permission requests. Do not give in to hitting ‘allow’ out of pure frustration, once you’ve done that, hackers are one step closer to infiltrating your Android.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.