An attack method has been discovered that disguises the browser's notification permission button as an 'I'm not a robot' button and tricks users into clicking it to deliver fraudulent notifications



When searching the Internet, you may encounter a button asking you to prove that you are not a bot, such as 'I am not a robot.' These bot-screening systems are called 'CAPTCHAs,' but an attack method has been discovered in which the browser's 'Allow notifications' button is falsely presented as a CAPTCHA button, tricking users into accepting notifications that are then used to deliver fraudulent advertisements. This attack is believed to be related to Russia's 'Doppelganger' disinformation campaign.

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs – Krebs on Security
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/

When Kehr meets VexTrio – Qurium Media Foundation
https://www.qurium.org/forensics/when-kehr-meets-vextrio/

Doppelganger was a Russian government-led espionage network that spread disinformation with the goal of 'spreading Russian propaganda' and 'undermining international support for Ukraine.'

FBI seizes 32 domains from Doppelganger, a Russian operation network that ran a disinformation campaign in the presidential election - GIGAZINE



Further analysis of Doppelganger by the security company Qurium found that Doppelganger was using a technique called 'cloaking,' in which a website shows search engines such as Google content that differs from what it shows to human visitors, so that the search engine mistakenly judges the site to be safe and the site remains at the top of search results for a long time.

In addition, it was discovered that the Swiss ISP that Doppelganger used for its cloaking also hosted the domain of an affiliate marketing service called 'TacoLoco.co,' which carried out the CAPTCHA attacks.

Below is a screenshot of a CAPTCHA attack published by security expert Brian Krebs. A pop-up appears at the bottom of the screen requesting permission to send notifications, and an illustration of a robot is placed on top of it saying, 'Press 'Allow' to prove you're human!'



Another variation has also been discovered that displays the message, 'Please press 'Allow' to verify that you are not a robot.' If the user follows this instruction and taps 'Allow,' notifications are enabled, and the site then sends notifications such as 'fake virus infection warnings' and 'misleading messages.'



To avoid falling victim to this attack, Krebs recommends measures such as 'refraining from allowing notifications while browsing websites' and 'disabling browser notifications.'
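The two lure variants described above share a recognisable signature: a request for notification permission paired with "prove you're human / press Allow" wording that a genuine CAPTCHA never uses. The following heuristic detector is an added example for this article (not code from Krebs, Qurium or any tool they describe); it takes a page's HTML as input, and the sample pages, phrase list and function names are constructed assumptions.

```javascript
// Heuristic detector for "fake CAPTCHA" notification lures (added example).
// Input: raw HTML of a page. Output: { suspicious, reasons }.
// Assumption: a lure page both requests notification permission and carries
// "not a robot / prove you're human / press Allow" wording near the prompt.

const LURE_PHRASES = [
  /not a robot/i,
  /prove (?:that )?you(?:'re| are) (?:a )?human/i,
  /verify (?:that )?you(?:'re| are) (?:a )?human/i,
  /(?:press|click|tap) ['"\u201c]?allow['"\u201d]? to/i,
];

// Browser calls that open the notification permission prompt.
const PERMISSION_CALLS = [
  /Notification\.requestPermission\s*\(/,
  /pushManager\.subscribe\s*\(/,
];

// Reduce HTML to visible text: drop scripts, tags and surplus whitespace.
function stripTags(html) {
  return html.replace(/<script[\s\S]*?<\/script>/gi, ' ')
             .replace(/<[^>]+>/g, ' ')
             .replace(/\s+/g, ' ')
             .trim();
}

function classifyPage(html) {
  const text = stripTags(html);
  const reasons = [];
  const asksPermission = PERMISSION_CALLS.some((re) => re.test(html));
  const lureHits = LURE_PHRASES.filter((re) => re.test(text));
  if (asksPermission) reasons.push('page requests notification permission');
  for (const re of lureHits) reasons.push(`lure phrase matched: ${re.source}`);
  // Flag only when both signals coincide: many legitimate sites ask for
  // notifications, and a real CAPTCHA never involves the Allow button.
  return { suspicious: asksPermission && lureHits.length > 0, reasons };
}

// Constructed sample pages (not real sites), one lure and one benign.
const LURE_PAGE = `<html><body><img src="robot.png" alt="robot">
  <p>Press 'Allow' to prove you're human!</p>
  <script>Notification.requestPermission();</script></body></html>`;
const NEWS_PAGE = `<html><body><h1>Weather</h1>
  <button onclick="Notification.requestPermission()">Get alerts</button>
  </body></html>`;
```

Running `classifyPage(LURE_PAGE)` flags the lure with three reasons, while `classifyPage(NEWS_PAGE)` records the permission request but is not flagged, which is the distinction a browser extension or proxy filter would need.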

in Web Service, Security, Posted by log1o_hf