Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

You know it’s serious when even scammers start developing “apps” for their fake schemes. Innovation, but make it evil.

In this publication, we’re diving into a sneaky mobile-focused scam that’s fooling users with fake Progressive Web Apps (PWAs) disguised as adult content platforms. It’s clever, dangerous, and specifically targeting your mobile device.

Cybercriminals are injecting malicious JavaScript into websites to redirect mobile users to fake app stores promoting a shady adult-content PWA — all while dodging security protections.


How It Works:

Let’s break it down:

  1. Malicious JavaScript is injected into legitimate websites — usually through third-party scripts.
  2. The script detects if a user is on a mobile device (Android, iOS, iPadOS) and ignores desktop traffic entirely.
  3. Mobile users are redirected to adult-content pages promoting a fake app via an app-store-like interface.
  4. The landing page is actually a Progressive Web App — a type of website that looks and feels like a native app.
  5. The fake PWA encourages users to “install” it, potentially leading to phishing attacks or malware installations.

According to c/side researcher Himanshu Anand, “The use of PWAs suggests attackers are experimenting with more persistent phishing methods. The mobile-only focus allows them to evade many detection mechanisms.”


Who’s Targeted:

The attack focuses solely on mobile users, particularly those browsing casual websites that rely on third-party scripts — think blogs, forums, or news aggregators.

There’s no specific age or region being singled out, but the lure of adult content means the scam is baiting the curious or careless clicker — anyone using their phone to browse late at night, really.


Real-Life Example:

In recent analysis, researchers found the malicious code quietly running on mobile versions of compromised websites. It only triggered redirects for users on Android or iOS, sending them to what looked like an app store page.

The supposed app wasn’t hosted on Google Play or the Apple App Store, of course. It was a PWA — which means it didn’t need store approval to install and could function like a real app, making the scam even more believable.


Why You Should Care:

Here’s the kicker — even tech-savvy users can be fooled.

Because PWAs mimic real apps and run in your mobile browser, they can:

  • Bypass app store protections
  • Collect sensitive data like login credentials or personal info
  • Linger on your phone once installed, behaving like a native app
  • Evade antivirus software, especially if it’s focused on traditional apps

Worse, malicious PWAs could also access your notifications, location, and even microphone or camera if permissions are granted.


How to Protect Yourself:

• Avoid “installing” apps from unknown web pages – Stick to the official app stores (Google Play, Apple App Store).

• Use content blockers and script protection – Browser add-ons like uBlock Origin can block malicious JavaScript injections.

• Clear your mobile browser cache often – This reduces the chance of malicious service workers staying active in your browser.

• Stay skeptical of adult content redirects – If you’re being redirected from a legit site to an adult app, something’s not right.

• Use mobile antivirus or browser security apps – Some can now detect and block malicious PWAs.


Quick Tips & Updates:

Quick Tip #1: “Did you know? PWAs can still run in the background on your phone even after you close the browser — if you ‘install’ them.”

Pro Tip: “Turn off ‘Install Unknown Apps’ permissions on your Android phone to block rogue installations.”


Stay safe, stay informed.


Keywords:

• Progressive Web App (PWA) – A type of web application that mimics the behavior of native mobile apps.

• JavaScript Injection – A method hackers use to insert malicious code into websites.

• Mobile Redirect Scam – A scheme that only affects users on mobile devices, usually to trick them into installing fake apps or visiting malicious sites.

• Client-Side Attack – A cyberattack that happens within the user’s browser, often unnoticed.

• Phishing – A form of scam where users are tricked into revealing personal information or credentials.

