A friend asked me for help, saying some kind of “gambling app” had
managed to attach itself to his Android phone, and kept popping up all
the time. I figured he had been tricked into installing something, and
we would probably have to track down the app, which likely had some
innocuous name to obscure its purpose. Or possibly even worse, it had
managed to take advantage of some vulnerability in his OS version to

Turned out it was a bit simpler than that. It was a website he had
visited in Chrome (most likely following a link from an ad or
something), which had an interesting technique to prevent him from
getting away: it kept pestering him to allow it to access his location
data. The trick was, it had maybe a hundred (maybe more) different site
names of the form “«nn».example.com”, so when you blocked one, it would
simply ask again, the request coming from a different number for «nn».
The expectation obviously was that the user would eventually give up and
allow one of these sites access.

I was able to close the offending tab, but on quitting and restarting
Chrome, it would come back.

I figured out that his Chrome setting was to restore the last-visited
page(s) when Chrome was restarted, which was why this page kept coming
up. So I just turned off that setting. I thought maybe there was some
deeper malware that would just bring the problem back when that setting
was restored, and that he should consult somebody expert on more recent
versions of Android to see about a permanent fix. But he suggested
re-enabling that setting, just to confirm the problem was still there.
And I did. And it wasn’t!

So there was no obvious sign of any malware installation, it was just
the website itself, exploiting a quirk of browser behaviour, to gain a
lock on the user and blackmail them into giving up their location data.