Someone is sending me messages in the form of notifications that appear from different apps

[eddlang]

In the past two days I've got two notifications from a random person under the name of "hn?" (without quotations), calling me names, which have appeared under two different apps, one is a banking app and another is a local listing app.

However, when I open the apps there is no message in them, and AFAICT the banking app does not even have a messaging function for users.

The messages are written in the local language but with english letters. It's probably one of the broker guys from the local listing app who I rejected his request and is now bothering me anonymously.

It's a Galaxy A34 that recently was updated to One UI 7. Its built-in McAfee scanner hasn't found anything suspicious. I don't install suspicious apps, and haven't installed anything new in a while anyway. The phone is not rooted.

How is this even done? Is it possible to send messages in the form of notifications?

 

[B. Diddy]

Welcome to Android Central! The next time you get one of those notifications, swipe down the notification panel and take a screenshot of it, and then post it here for us to see (blocking out any identifying information first).

Also, long-press that notification in the notification panel and show us what information shows up.

 

[spARTacus]

On PC in a browser, it's not hard to accept to receive notifications from a website. And then, for the website to send crafty notifications that appear to be valid other notifications, in order to trick users into thinking they need to do something or that they have received something else, falling deeper into a trap. Maybe also check your site settings in whatever browsers you use, to see what ones might have permission to send notifications.

 

[eddlang]

Welcome to Android Central! The next time you get one of those notifications, swipe down the notification panel and take a screenshot of it, and then post it here for us to see (blocking out any identifying information first).

Also, long-press that notification in the notification panel and show us what information shows up.

I had managed to screenshot the second one, but for the first one had to look in notification history. The first one was written with english letters but second one the local alphabet.

I don't have the long press screenshot but it was showing the notification settings of the app that got the notification.

Maybe also check your site settings in whatever browsers you use, to see what ones might have permission to send notifications.

Do you mean the sites of the apps that are getting these odd notifications, or generally check all the listed sites? Do I check on the phone browser or PC?

EDIT: On PC I use FF and sometimes Edge. In the former only one site is listed, tiktok, and it's blocked. There is nothing listed in Edge.

 

[B. Diddy]

Hmm, interesting -- those do look like they're coming from those apps, rather than some odd website on the browser (if they were from a website, the app responsible would by your browser).

You installed these apps via the Play Store, and not some other source, right?

 

[eddlang]

Play store. I scanned the phone with other malware scanners like avast and avira but still found nothing.

Do some apps use third-party notification services? I'm thinking maybe those two apps, which are both local, are using the same service and maybe someone is sending spam through it. Maybe it was either compromised or is done by a rouge employee. I honestly can't think of anything else.

 

[VidJunky]

What happens if you long press on the notifications? It should give you the option to turn off notifications for that app, I would be curious to know if the name of the app matches the icon. Google says it is not possible to spoof app notification icons without access to the device.

This is your device and not one that is shared, correct?

I think we really need to know if the app names match the icons shown.

 

[B. Diddy]

Are you able to translate those messages into English for us? I tried using Google Translate, and it gets tripped up by some of the text.

 

[eddlang]

What happens if you long press on the notifications? It should give you the option to turn off notifications for that app, I would be curious to know if the name of the app matches the icon.

The settings match the apps. There are no fine grained notification options for them, so I'd have to disable their notifications entirety. I can't do that since I need to receive genuine notifications from them.

Google says it is not possible to spoof app notification icons without access to the device.

This is your device and not one that is shared, correct?

I think we really need to know if the app names match the icons shown.

It's mine and bought brand new. It has never been shared with or handed to anyone else. The names and icons match.

Are you able to translate those messages into English for us? I tried using Google Translate, and it gets tripped up by some of the text.

First: "bro, why are you bald?"
Second: "bald doesn't suit you that much. That's alright, because you can find its solution on List itself."

I'd probably go to the bank tomorrow and see if they have any explanation. Maybe others have received such notifications too.

My concern is if my phone or account have been compromised, but I haven't seen any signs of that so far.

 

[B. Diddy]

Do you reuse credentials across various different accounts? I saw this article about some cases of credentials being stolen via List.am: https://jam-news.net/many-in-armenia-are-careless-with-their-personal-data-expert/

 

[eddlang]

Do you reuse credentials across various different accounts? I saw this article about some cases of credentials being stolen via List.am: https://jam-news.net/many-in-armenia-are-careless-with-their-personal-data-expert/

I haven't done any transactions through list.am itself, and my bank card isn't attached. The fraud cases here happen when people directly provide their sensitive information like account or card passwords when asked. Fraudsters contact people through SMS, whatsapp, list.am messages, etc. pretending to be from a bank or financial company. I've certainly not provided any such data to anyone; I haven't had any such contacts anyway.

 

[B. Diddy]

Sorry, but I'm stumped so far. I'm not aware of any way to spoof a legit app's notifications unless there's some way for a malicious app to have the exact same name and icon as the legit app.

I would normally suggest testing in Safe Mode, but that wouldn't help in this situation since Safe Mode would also disable those legit apps (List.am and the banking app).

 

[VidJunky]

Yeah, same here B. Diddy. I don't see any way this would even be possible.

Honestly, and I know this is way out there, not even in left field, but out there in outer space, is a government hack of some kind. I mean first who would hate you so much as to send you insults in the first place, and then on top of that who would have the sophistication to not only send these insults but to be able to make them look like they were from other apps? That's a whole level of tech that doesn't seem possible, especially when you consider one of the apps doesn't even send messages.

You say these attacks are directed at you, and while I am among the bald and beautiful, are you also bald? Not that these could be mistaken messages, but just checking to see if they are indeed directed at you.

Wish I had better answers. Have you received any other messages?

 

[eddlang]

You say these attacks are directed at you, and while I am among the bald and beautiful, are you also bald? Not that these could be mistaken messages, but just checking to see if they are indeed directed at you.

That was my thought intially but in my other post I theorized maybe the notification service itself was compromised somehow.

I went to the bank today and apparently a "technical problem" caused some "personal" messages to be sent to customers. My guess is a disgruntled employee was having a laugh, or the system was hacked.

Probably both companies are using the same third-party notification service.

 

[B. Diddy]

Thanks for the follow-up! Wow, that's pretty disturbing. I hope that (presumably) ex-employee is charged with some kind of cybercrime.