Popular mobile browsers were found vulnerable to address bar spoofing attacks.
Address bar spoofing attacks can be used by hackers to launch spear-phishing attacks and delivering malware. The browsers that were impacted include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser.
UCWeb and Bolt Browser remain unpatched as yet, while Opera Mini is expected to receive a fix as the respective organizations have informed. Hackers are using malicious javascripts to exploit the address bars of famous web browsers.
Malicious executable JavaScript code in an arbitrary website are used to force the browser to update the address bar while the page is still loading to another address of the attacker’s choice. Attackers are basically setting up malicious websites and are luring the users to visit them.
These sites lead the user into opening the link from a spoofed email or text message, thereby leading an unsuspecting recipient into downloading malware or risk getting their credentials stolen.
NPAV recommends users to always pay attention to the URLs and address bar texts while visiting a site. Downloading or accessing any site must only be done if you are completely sure about its legitimacy. Fake sites can launch various spear phishing and malware attacks on your system.
Install NPAV on your device to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.