According to a new report Sophos, cybercriminals have evolved attacks /scams related to fake alerts and target mainly mobile device users.
His research Sean Gallagher, a senior threat researcher at Sophos, showed that “the vast majority”Of false notifications to malvertising campaigns aims users mobile devices. This is partly due to the fact that mobile phones are increasingly used and are constantly connected to Internet. In addition, the hackers can more easily attack mobile devices than desktops. For example, the iOS Safari accessibility feature allows pop-up ads to make phone calls to attract victims and lead them to a malicious application in the corresponding application store.
Gallagher added that most of the fake iOS alerts related to App Store apps, supposedly vpn and site blocker tools. All of these apps included in-app purchases and asking for money after the trial period.
The study also showed that in recent years scammers targeting computer users use more automated targeting techniques. In the past, fraudulent phone calls were very common. Now, fake alerts are made with malicious ads, phishing campaigns, fake sites etc.
Additionally, malicious / fake alerts that appear as pop-up / pop-under ads, such as PopCash.net and PopAds.net, spread through legitimate advertising networks.
"At least on the desktop, there are many ways to avoid a fake alert", Commented Gallagher. "The problem in mobile Appliances, however, remains. Although the Apple and Google have tried to catch scammers so that they can not easily take advantage of the browser to violate the privacy of their users and install unwanted applications, defenses against pop-up alerts remain weak and integration of malicious people applications in app stores are still a problem. Protection against malvertising is increasing on the desktop. Therefore, more and more fraudsters will focus on the weaknesses of mobile devices".