There is a huge problem with spammy push notifications that trick users into accepting push notifications by using fake media players and fake CAPTHAs that if accepted will push all manner of SPAM on victims devices that say they have multiple viruses that pull up Google play store app to some bogus Cleaner/antivirus apps.
The push notifications are hosted on Cloudfront using AdMaven and AdFly and AppNexxus.
I have been trying to report these criminals for a couple of years now with no luck.
Cloudfront refuses to take down the script that AdMaven uses and AdMaven, AdFly, AppNexxus and Proppelerads all ignore multiple attempts to contact.
If you find these in the wild, your best bet may be to report them to Google's Safe Browsing service (and probably Microsoft's one as well). CloudFront doesn't need to take action if the specific subdomain gets flagged for malicious content. These lists actually have an incentive to block malicious sites, unlike hosters like Cloudfront/AdAnythingReally that want to be involved as little as possible. The more of their domains get reported, the more screwed these hosts are, because at some point their actual business will start to get affected.
We've heard great things from patients about the VA program for sleep apnea, and we're looking to incorporate best practices from their published studies into our care protocols.
Walgreens has always tried to harvest every single penny they could squeeze from their customers, mainly by selling the customers PII to anyone and everyone, so this is no big surprise to me.
It reminds me of the obnoxious talking gas pumps that play ads while you’re filling your car.
At first there used to be a “mute” button to where you could silence the crap and all the plastic was worn away from everyone mashing it trying to shut it up.
Now I no longer see any option to mute the ads.
I hate ads with a passion and won’t allow them to run on my devices.
Mainly for security and privacy but the aggravation they cause is palpable.
Whenever I work on someone else’s computer and open a web browser I am in shock that people can even concentrate with all the garbage on the screen.
I have found that rather than finding a way to sneak ads in, most non browser apps will just detect that the ads are missing and throw up an error refusing to display the content.
I came here to say the same.
I even purchased a LAN throwing star to look to see if my Asus router was sending anything to TrendMicro but never did get around to it.
Google is complicit in this by their refusal to ban larger app developers that create malicious apps.
Google may kick the malicious app off the play store for a couple weeks and make the developer remove the malware (or obfuscate it better) but then allows the app(s) back to the play store.
There is a huge malvertising campaign targeting mobile users (especially Android) that tricks users into accepting push notifications with fake CAPTCHAs or fake media player buttons that push malicious ads and mobile malware and can even lead to botnet activity.
For the past couple years, every time I visit my mom I borrow her phone and unsubscribe her from a bunch of push notification spam senders. It is way too easy to allow these notifications.
Reading the messages in that bug tracker from ecommerce sites, I really do wonder how many of their customers genuinely want pushes for coupons and ads vs how many just see a "you need to click some button to get on with things" and accept because that's just how computers seem to work for them.
Then again, I'm perpetually cynical on these because I don't want push notifications for anything that doesn't actually warrant an inturruption to my daily life. I'm not 'settling for email' as one ecommerce marketer puts it. If you are sending your email content to notifications, then my notifications will just become another email inbox and lose their value.
But they're obviously different. I don't want to disallow notifications for every website I interact with, but if you aren't telling me what kind of notifications these are, I don't really have much to work with here.
Why not push notification for PWA to start with? the user buys a 1k phone, finds an app that an indie developer/solopreneur built as PWA to lower the cost, install the app willingly on their device but discover the experience is lacking because....:
Apple wants to milk the users and developers for money in the name of privacy. And on top of that, we've outsiders defending them!
Also AdFly does it too. For an example, go to https://firfox.com on Android. Depending on the campaigns active at the moment, you'll probably get pages trying to get you to enable push and or download VPNs or "antivirus" apps. (Especially Norton) On Windows Firefox, you sometimes get the "Your computer has a virus!!! Call our number!!!" sites too.
I mean, they can likely correlate that from their logs when you hit twitter and post if they really want to do that. Combine that with the info I bet Twitter sells on its users and it's got to be easy.
What’s also very interesting is that the article links to page from TrendMicro about malicious Android apps using Java’s version of SSH to infiltrate internal corporate networks.
TrendMicro’s own Android app ALSO contained the same Java SSH sdk.
There is a huge problem with spammy push notifications that trick users into accepting push notifications by using fake media players and fake CAPTHAs that if accepted will push all manner of SPAM on victims devices that say they have multiple viruses that pull up Google play store app to some bogus Cleaner/antivirus apps.
The push notifications are hosted on Cloudfront using AdMaven and AdFly and AppNexxus.
I have been trying to report these criminals for a couple of years now with no luck.
Cloudfront refuses to take down the script that AdMaven uses and AdMaven, AdFly, AppNexxus and Proppelerads all ignore multiple attempts to contact.