Launching Phishing and Spam attacks on Android with Customized Notifications
by Sencun Zhu and Zhi Xu
The existing notification service on Android lacks view authentication information. Any installed app could abuse the notification service to launch phishing and spam notification attacks. Further, by carefully customizing the displayed notifications, the sender app can avoid being tracked by victim smartphone users.
The notification service is a popular system service that the Android platform provides to third-party apps. To facilitate app development, Android allows installed third-party apps to send customized notifications while running in the background.
In this article, we show that it is feasible for an installed trojan app to launch both phishing and spam attacks using the notification service while keeping itself from being noticed by the phone user. For example, an installed trojan app may generate a fraudulent notification that mimics a Facebook notification and leads the user to a fraudulent login view that steals the Facebook account and password. It can also send annoying unsolicited ads anonymously, without exposing its identity.