Seen Ad Pop-up’s in Your Mobile Browser Lately?

by

Share this news now.

by Armando Orozco

Today, one of our Webroot SecureAnywhere for Android users reported seeing ad redirections while browsing on his Android device. As we began investigating, we noticed that there were a lot of other mobile users seeing the same thing – yes, on their iPhones as well! We were also able to reproduce the behavior on our devices.

This appears to be a clever Ad redirection using JavaScript. The pop-ups are survey offers for free electronics like iPads and iPhones. The users are asked to complete a survey, at the end of which their email address and phone number is also recorded. I know we’ve all seen these pop-ups before, but we’re not used to seeing them in our mobile world.

These pop-ups are not related to any apps you may have installed – they are a result of how the web page was written. Web developers use “alert()” function in JavaScript, which displays a message box requesting response from a user. The advertisers utilize this method to display their ads.

We are still investigating this issue and hope to track down the advertisers responsible. There does not appear to be anything malicious about these pop-ups for the time being, but we are sure malware authors will employ this tactic soon. With the rash of Rogue Applications and the recent discovery of a Rogue AV app (blog coming soon), we can see how this method could be exploited with malicious intent. Again, these are not platform or application-specific behaviors.

To remedy these pop-ups, you can disable JavaScript in your browser settings.

Thanks to JohnDeth of our Webroot Community for bringing this to our attention.


Share this news now.

Tags:



About the Author

Name: Armando Orozco
Role: Retired ThreatBlog Member

Share this news now.

Armando Orozco was apart of the Webroot threat team as the mobile technology expert, threat detection specialist, and an all-around good guy. When he wasn’t wrestling threats you could find him hanging out with his son.


Share this news now.