PushBug’s Widespread Push Notification Abuse In The Wild

It is being reported that an increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Reesha Dedhia
Reesha Dedhia , Security Evangelist
InfoSec Expert
November 18, 2020 12:52 pm

As we have seen frequently, the digital ad and affiliate world is not always a safe world, which can lead to security risks, something certain push notification vendors are inviting with their advertising monetization- based push services. Ad networks, focused on monetization for their business, often don’t do their due diligence and sell ads to bad actors. Just like the ad networks, these bad actors also have monetization goals. All of this is of course – at the expense of end-users. Browsers are like the new supercookie, with users often downloading extensions and malware unknowingly, putting their privacy and data at risk.

Industry statistics show that up to 20% of online users have been exposed to malware from browser extensions and ad injections. Users, exposed to browser malware, come to an e-commerce site to shop but are interrupted with malicious distractions in the form of ads, notification pop-ups, and banners. These pop-ups have been redirecting shoppers to competitors or malicious third-party sites and displaying malicious ads and content. This not only puts the user at risk to their privacy and customer experience but also impacts the business’ site. This can lead to conversion loss, damaged brand reputation, and loss of revenue. While users should work to keep their browsers updated, businesses should look for solutions that can detect browser-based malware and quickly take action to block malicious activity on their site.

Last edited 2 years ago by Reesha Dedhia
1
0
Would love your thoughts, please comment.x
()
x