Push Notifications 101: Security Risks and How to Disable Them Across Devices
The Malware Which Can Hide in Push Notifications. How to Get Rid of Unwanted Notifications in Browsers and Apps
We’re all acquainted by now with push notifications since most browsers, website, and apps are using this form of marketing as a way of getting more ‘in your face’. While push notifications per se are not a bad idea (when used sparingly), I think we can all agree that they tend to overdo it.
If a few years ago you could confidently click on a link, open a page and read or watch what you came there to see, nowadays you can’t. First, you need to click to accept cookies or a GDPR agreement, then click a few more times for closing all the other pop-ups and ads which stream forth.
Usually, this is enough to get rid of them. Just go through the 5-6 clicks routine and then the view clears up. But lately, push notification emerged and started being more and more widely used. Unfortunately, these are harder to get rid of once they start pouring through.
Even more troubling, push notifications are not just annoying and intrusive when unrequested. They can also carry dangerous malware. The purpose of malware hidden in push notifications is either to deliver a flood of more ads (malvertising, such as the recent SundownEK campaign) or to actually help hackers break into your accounts and steal your money, data or identity.
Serious Concerns about Malware in Push Notifications
As recently as last month, a new strain of Android Trojan malware was putting serious pressure on mobile phone users by delivering malvertising campaigns. The malware, dubbed Android.FakeApp.174, was delivered by multiple fake apps imitating legit apps. Those were taken down from the Google App Store once the malware was discovered, but the infection already spread by then.
The push notifications that just kept coming and coming were so aggressive that they eventually took over users’ phones. So much of the system’s resources were used for displaying these ads, that no bandwidth remained for using the device for its intended purposes.
This type of advertising deluge is typical for malvertising campaigns. This refers to the type of malware that keeps pushing advertising onto users, regardless of the fact that users will not be persuaded by the ads since they are so annoying. The purpose is not for you to be convinced by the ads, but for the hackers to exploit a pay-per-view advertising program. They earn money just by having their ads displayed, and they created the malvertising hack just to cheat the system and make more money with their unstoppable spam. If they can also steal some data while they’re at it, all the better.
In the case of the Android.FakeApp.174 malware I mentioned above, the purpose of the campaign was not to just flood users with malvertising, but also to direct them towards scam websites. This way, some users even fell for scams and entered sensitive info on phishing forms which were mimicking legit email and banking service sites.
Classic PCs were also targeted by similar campaigns in the past. A notorious malware was redirecting users when browsing to the Push-notification.tools site (link sanitized for your safety). This is what the Push-notification virus redirect looked like:
Basically, the malware was blocking all the content you wanted to browse with this pop-up asking you to click ‘Allow’. If you succumbed to it, you were giving the malware a free pass to deliver all kinds of spam to your desktop, even when the browser was closed.
Usually, this type of malware first enters your computer when you download ‘free’ software (pirated or cracked) from torrents and other sources of pirated content. You’ll get a malware ‘bonus’ especially in packages containing multiple pieces of software. One more reason to stay away from illegitimate content.
How to Review Push Notifications in Browsers (and Remove Them)
Are you getting suspicious push notifications and you’re unsure of whether they are malware or not? Or, even if you’re sure they’re not malware, you’d like to take back the permissions and you don’t know how?
Don’t worry, removing push notifications (when they are legit) is very easy. Here is how. (For malicious push notifications, things can be more complicated and I’ll discuss it in more detail below).
For Google Chrome, just go to Settings / content / notifications, or directly copy-paste this link into the browser address: chrome://settings/content/notifications?search=notifications
This will reveal the list of websites you allowed to send you push notifications, as well as the list of websites you blocked push notifications from. If you see one you don’t remember approving or wish to take back permission from, just click the vertical dots bar for that domain and select ‘Remove’.
For Mozilla Firefox, the process is almost identical. Go to Settings / content / notifications and you can see all the websites you allowed such pop-ups from. You can also select a No Notifications default option in Mozilla, if you want.
For Safari / Opera / other browsers, you can also easily find the path to reviewing push notifications in your browser settings. Just look around or drop me a question if you can’t find it.
What about Ad Blockers?
Some users opt for ad blockers in an attempt to simplify their digital life. They just install a browser extension and stop seeing ads, for good. This is legit and safe, so if that’s what you want to do, go ahead and install the Ad Block Plus extension, for example.
However, in my opinion, this is not the way to go. First of all, push notifications can be useful, when you’re actually getting those you are interested in. You just need to review permissions from your browser and restrict the list to stuff you really want to find out about.
Second of all, adblockers are also not displaying any on-page ads, some of which can have value for you as well. I know that some ads can be annoying, especially when persistent. But some can also remind you of some item you’ve seen and postponed buying etc. Personally, I do enjoy ads sometimes for their reminder value, or for helping me discover new things I might be interested in. Still, this is a matter of preference so it’s entirely up to you.
How to Get Rid of Malicious Push Notifications
A typical malicious pop-up meant to scare you into downloading yet more malware.
Here are the typical signs that the ads (push notifications) you are getting are malicious (caused by a malware infection):
- Ads appear even in places where they shouldn’t (like your desktop, even when the browser is closed)
- The browser home page changes without your permission
- The websites you used to visit without issues are now not displaying properly, or you get redirected to another address
- You get pop-ups which are advertising fake software or updates, or warnings that you are infected, followed by prompts to install a specific clean-up tool (DON’T!)
- You see apps and programs installed on your device (with shortcuts and everything) that you don’t remember installing
If you experience any from this list above, there’s a high chance that you were infected with malicious push notifications.
Unfortunately, there isn’t a quick one-size-fits-all fix, since there are different types of malware out there. Your best bet is to check your browser’s list of allowed push notifications and disable everything that doesn’t look familiar. All of them, if need be.
Then, scan your PC and clean it up with professional anti-malware software.
If you’d like to try our complete cybersecurity suite for home use (containing both reactive and proactive layers of security), here’s a month on the house:
Final Advice
To prevent infections with malicious push notifications and to keep your browsing experience as clean as possible, it’s best to be cautious.
Keep the list of websites from which you accept push notifications short. A few of your favorites are enough; if you’re interested to see updates from the other portals, you can always enter them at your own pace, right? (Of course, I hope that if you enjoy this blog and our content, you will accept push notifications from us.) 🙂
Also, don’t venture online unprotected. Keep your devices secured with a reputable cybersecurity product so you don’t get infected even if you do come across an infected link or file.
Stay safe and don’t hesitate to leave a comment if you have a question or some experience with push notifications worth sharing.
I had recently installed the real McAfee app ( verified as much as possible and friends had same AppStore one)and started getting push notifications. The second last one disappeared fast and I couldn’t find it in my history along with the others. I verified my settings and all was in order. Turned phone on to receive the latest one and screenshot it quickly and pressed on it. It directly went to what appeared to be still within the app to continue the “ find out if your information is at risk, set up identity protection to learn if your info is ex……”. Figuring it was a new account process I clicked the bubble to start scan. Wasn’t a link persay and I hadn’t realized that in fact my identity protection was already set up just unfamiliar with actually checking it. Of course an idiot as this notification had not appeared on my history once again. The scan finished asking if I wanted further checking and I clicked no ( probably a double nono) and it said a code was sent to the email on file and listed it. ( it’s a family member). Did I just infect myself and what do I do to check on iOS. Thank you
I’ve been following your blog for quite some time now, and I love your content and the lessons you share with your readers. Every time I read a post, I feel like I’m able to take a single, clear lesson away from it, which is why I think it’s so great.
Thank You for Writing
Thank you for the in depth explanation about malware in push notices.
I appreciate your time.
kindly simply your long-winded explanation. Just answer my query, saving the prose for someone who cares. CUT TO THE CHASE.
Hi Miriam,
Chrome push notifications seem pretty secure. If I’ve blocked push notifications on all sites by default, but allowed them from one specific site – say office.com or gmail.com — have I opened myself up to any risk? Is it possible for a malicious browser plugin or script to take advantage of this and send push notifications that are malicious?
Regards,
Alex
can u plz help my computer is badly infected with popups and ads which send me too diferent websites without my permission what should i do?
Hi Zulu!
Sorry to hear that. It definitely sounds like an infection. You need to install an all-round security suite and let it run deep scans until everything unsafe is quarantined / removed. Thor Premium Home would of course be my top recommendation: https://heimdalsecurity.com/ro/products/thor-premium-home . You have a 1-month free trial if you want to use the product to get rid of the current infection. Look into unnecessary browser extensions and remove those, also. Good luck!
Although I previously knew a lot about Google Chrome / Push Notifications (HOW TO FIND BAD PUSH NOTIFICATIONS and REMOVE THEM), after this ARTICLE that was added onto the Internet (JULY 25, 2019), was still HELPFUL a “YEAR LATER” (July 16, 2020), when I was googling about similar WINDOWS 10 settings, on my apartment computer. I THANK THE PERSON WHO WROTE THIS ARTICLE – IT HELPED ME TREMENDOUSLY TO REASSURE ME; WHAT “”I THOUGHT”” I FELT HAD ALREADY KNOWN.
Interesting article — it is a shame that Heimdal THOR FORESIGHT HOME exhibits this behavior with marketing ads (no way to disable them). I am often interrupted by pop ups trying to get me to upgrade to home premium.
Hi Shane, thank you for dropping by. I’m sorry the ads are annoying you, we just like to let our clients know about special offers, by default.
BUT, if you’d like to disable them for your account, it’s no problem at all. Please write to my colleagues a short email at support@heimdalsecurity.com and they will help ASAP.