Chinese Adult Content Scam Targets Mobile Users Through PWA Injection
May 22, 2025, 3 p.m.
Description
A new injection campaign has been identified that exploits third-party JavaScript to redirect mobile users to a Chinese adult-content Progressive Web App (PWA) scam. The attack specifically targets mobile devices, injecting a viewport meta tag and an ad overlay with click-hijacking functionality. The scam utilizes PWAs to increase user retention and bypass basic browser protections. The compromised websites are disguised as novel reading platforms, with the malicious code now being encrypted. The attack flow involves an initial loader script, which triggers the redirect on mobile devices while ignoring desktop visits. The payload script ensures mobile rendering, creates an overlay with deceptive elements, and opens the scam site in a new tab upon interaction.
Tags
Date
- Created: May 22, 2025, 1:09 p.m.
- Published: May 22, 2025, 1:09 p.m.
- Modified: May 22, 2025, 3 p.m.
Indicators
- www.akav50.top
- https://xxsmad6.com/static/union/images/close.png'
- https://xxsmad6.com/static/union/images/b-5.png'
- https://xxsmad6.com/s.php?g=1&t=2&p=1388&i=
- https://xxsmad6.com
- https://xjdm166.com/html/?p=1388
- https://xjdm166.com/html/#/i/home
- https://www.akav50.top/list/z32x7npd
- https://www.akav50.top/list/yn2k0ypd
- https://www.akav50.top/list/r42r7opq
- https://www.akav50.top/list/q5o9gx5w
- https://www.akav50.top/list/oq5dd058
- https://www.akav50.top/list/mqp10w2x
- https://www.akav50.top/list/l50dx72e
- https://www.akav50.top/list/92qlr9pn
- https://www.akav50.top/list/32xdq1pd
- https://www.akav50.top/list/1dpy76pv
- akav01.top-akav60.top
- xjdm166.com
Additional Informations
- China