Push Notifications Essentials: Security Risks and How to Block Them On Your Browser

We all know by now about push notifications because most browsers, sites, and even apps use this form of marketing in order to get more ‘in your face’. Even though push notifications are not a bad idea in general (unless overused), they can sometimes get on the nerves.

Nowadays we can’t surf the Internet and click anything. First of all, you have to click to allow cookies or a GDPR agreement, then click some more to close all the other pop-ups and ads.

Normally, this is all you have to do to get rid of them. Just make 5-6 clicks and you’re good. But recently, push notification started being more broadly used. Sadly, now they are harder to get rid of.

On an even more alarming note, push notifications aren’t simply annoying and intrusive. They might also bring dangerous malware. Read on to learn more.

Hidden risks of push notifications

The goal of malware within the push notifications can deliver a flood of ads or help hackers steal your money, data, or identity.

Fairly recently, a new Android Trojan malware was a great problem for mobile phone users – it delivered malvertising campaigns. The malware, called Android.FakeApp.174, was brought by a number of fake apps that were imitating real apps. The apps were deleted from the Google App Store as soon as the malware was found, but it has already spread by that moment.

The push notifications that were constantly appearing were so aggressive that they basically took over the users’ phones – the phones couldn’t function.

This kind of advertising is quite common for malvertising campaigns. This type of malware keeps urging advertising onto users, despite the fact that such ads won’t make you buy anything since they are so annoying. But it’s ok for the hackers as they exploit a pay-per-view advertising program. And if they can steal some data along the way, even better.

In case of the malware which was mentioned above, Android.FakeApp.174, the purpose was not only to flood users with malvertising, but also to lead them to scam websites. Because of this, some users even entered sensitive info on phishing forms.

Your PCs could also be targeted in such campaigns in the past. A famous malware redirected users to the Push-notification.tools site while they were browsing.

The malware was blocking everything that you wanted to browse using the pop-ups inviting you to click ‘Allow’. If you surrendered and did it, you gave the malware an easy entry to your computer to deliver all kinds of spam.

Typically, this type of malware enters your PC when you’re trying to download ‘free’ software from torrents or similar sources of illegal content. So stay away from such content. Pretty much the only things that are free on the internet are problems.

Review push notifications in your browsers (and erase them)

Have you been getting questionable push notifications and now you’re not sure whether they are malware?

It’s ok, deleting push notifications (if they are legit) is easy. Here is how. (For malicious notifications, things get more complicated).

If you’re using Google Chrome, go to Settings => content => notifications, or just copy this link and paste it into the browser address:

chrome://settings/content/notifications?search=notifications

This will show you the websites that are allowed to send you notifications, and the websites you blocked such notifications from. Click the vertical dots bar of any sites you don’t want to get push notifications from and select ‘Remove’.

If your browser is Mozilla Firefox, you should do almost the same thing. Settings => content => notifications. There you’ll find all the websites you allowed pop-ups from. There’s also a No Notifications default option in your browser if you’d like.

If you’re using Safari, Opera, or other browsers, it will be easy for you to find the way to review push notifications, just look at your browser settings.

Can Ad Blockers help?

Some people use ad blockers to make their digital life easier. They simply install an extension and block the ads, for good. This works, and it’s safe, so if you want to try this method, install the Ad Block Plus extension, for example.

However, this method has its flaws. First, push notifications might sometimes be useful. Secondly, adblockers block all on-page ads, and some of them can be valuable for you, too.

Conclusion

To sum up, there are different paths to choose from when it comes to defending yourself from push notifications. The most important thing is just not to let them be.