The Anti-virus Times

Monday, September 16, 2024

What we expect should happen: we open an online store page, one that we’ve visited a hundred times before from our mobile device, to check on seasonal discounts.

What actually happens: we end up on a completely different page that is prompting us to submit our personal information. We fill out the web form without giving it a second thought—in all likelihood this is now required in order to use the store's awesome new feature. And, by doing so, we open up for attackers an access portal to our mobile device or banking information.

To avoid dangerous situations like this, Doctor Web offers a solution for smartphone and tablet users: you can check links to make sure they aren't malicious before you open them on your device.

In this publication, we will talk about threats associated with mobile redirects and how to protect against them.

A never-ending trend

Doctor Web has been observing an unchanging trend on the Internet: some websites redirect mobile device users to other bogus sites (even though the owners of these sites never intended for this to happen). That's essentially what mobile redirects are.

While desktop computer users aren't affected as much by it, mobile device owners are in real danger as their devices are primary attack targets.

How the virtual trap works

Imagine that your favourite news portal suddenly starts redirecting you to weird webpages. It's not a technical error, and there is malicious intent behind it. Compromised sites can be set to redirect users to fraudulent or phishing pages and thus give attackers ample opportunities to implement insidious schemes aimed at stealing data from a target device.

The technical side of the problem

Most sites are accessed and managed via CMSs (content management systems). These solutions offer a convenient way to create and modify digital content, which makes the lives of designers and programmers easier and also saves them a lot of time.

However, CMS software is often distributed under the terms of public licenses, meaning that a system can be freely examined by anyone, including hackers. Literally anyone can examine a CMS's source code, identify a vulnerability and leverage it to deploy malicious scripts on a site's pages. Of course, accomplishing that requires certain skills.

It is also worth mentioning that open source does not always mean that more vulnerabilities will be found. With strong determination and sufficient resources available, it’s possible to find loopholes in proprietary software as well. However, Open Source products are potentially more likely objects for malicious research.

But what do smartphones and tablets have to do with all this?

It's a common trend for attackers to primarily target mobile devices. As a result, a site remains perfectly safe to visit from desktops and laptops but becomes a threat to smartphone and tablet owners as soon as they attempt to visit it.

Hazards and consequences

Imagine this: a smartphone user opens a site that they wish to visit, but it has been compromised and redirects them to another phishing or fraudulent destination. Or instead, malware gets downloaded automatically to their device.

We discussed various fraudulent schemes and the ways to avoid them in our previous publications.

Let's talk about other types of mobile threats that can spread from bogus sites:

• SMS-sending trojans. These malicious programs send messages to paid numbers to withdraw money from the device owner's mobile carrier account. Trojans are often disguised as legitimate apps or have their code embedded in other downloaded applications.
• Spyware. It steals confidential information. It can record keystrokes, acquire passwords, listen in on conversations, and access personal data such as contacts and messages. The information it gathers may be used in various fraudulent schemes.
• Adware. Users often install apps of this kind themselves, without understanding what these programs can actually do. Adware displays annoying and sometimes outright malicious ads, which may have an adverse impact on the user experience and the device's performance.
• Banking trojans. These malicious apps steal financial data including online banking account information and passwords. They also intercept user input in banking apps or on websites and relay the stolen data to perpetrators, allowing them to gain unauthorised access to bank accounts and steal money.

Mobile threats are quite diverse. SMS-sending trojans, spyware, and adware are various types of malware and unwanted software, and each poses a serious security and privacy risk to users. Being aware of such threats and taking proactive measures to protect your devices and personal data is essential for minimising the risk of unwanted exposure.

How to protect yourself

To avoid the hazards caused by mobile redirects and to never end up in places you don't want to be, follow a few basic but effective recommendations.

1. Don't hold off until it's already too late. Install a reliable antivirus app. In the case of Android, we suggest Dr.Web Security Space for mobile devices. This app protects Android smartphones and tablets, as well as Android TV devices, from all types of malware, including encryption ransomware, dangerous content, and unwanted calls and SMS.
2. Be careful whenever you open a new webpage. If you see suspicious notifications or get redirected unexpectedly to another location, don't act instantly without thinking.
3. Check the specific links. You can use the special service on our website to check URLs. We also encourage site owners to host link checking web forms on their webpages, which will enable visitors to quickly examine suspicious sites for issues that include the presence of redirection scripts.