Chinese Adult Content Scam Targets Mobile Users Through PWA Injection
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A new injection campaign has been identified that exploits third-party JavaScript to redirect mobile users to a Chinese adult-content Progressive Web App (PWA) scam. The attack specifically targets mobile devices, injecting a viewport meta tag and an ad overlay with click-hijacking functionality. The scam utilizes PWAs to increase user retention and bypass basic browser protections. The compromised websites are disguised as novel reading platforms, with the malicious code now being encrypted. The attack flow involves an initial loader script, which triggers the redirect on mobile devices while ignoring desktop visits. The payload script ensures mobile rendering, creates an overlay with deceptive elements, and opens the scam site in a new tab upon interaction.
OPENCTI LABELS :
mobile,scam,pwa,click-hijacking
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Chinese Adult Content Scam Targets Mobile Users Through PWA Injection