216.73.216.78

Chinese Adult Content Scam Targets Mobile Users Through PWA Injection

· Published 22/05/2025 13:09 · Modified 22/05/2025 15:00

Export JSON

Essential information

Published
22/05/2025 13:09
Modified
22/05/2025 15:00
Tags
2025-05-22 click hijacking mobile pwa scam
Related entities
19 observables, 3 techniques (mitre), 1 others

Description

A new injection campaign has been identified that exploits third-party JavaScript to redirect users to a Chinese adult-content Progressive Web App () . The attack specifically targets devices, injecting a viewport meta tag and an ad overlay with click-hijacking functionality. The utilizes PWAs to increase user retention and bypass basic browser protections. The compromised websites are disguised as novel reading platforms, with the malicious code now being encrypted. The attack flow involves an initial loader script, which triggers the redirect on devices while ignoring desktop visits. The payload script ensures rendering, creates an overlay with deceptive elements, and opens the site in a new tab upon interaction.

External references