Bolycherame.com Pushes Ads

While exploring suspicious websites, our researchers stumbled upon the rogue page bolycherame.com. This page is specifically crafted to promote browser notification spam and is also capable of redirecting users to other potentially unsafe or untrustworthy sites.

Access to bolycherame.com and similar pages typically occurs through redirects triggered by websites utilizing rogue advertising networks. These redirects may occur via spam notifications, intrusive ads, or the presence of installed adware. It's important to note that the content showcased on these rogue pages may vary depending on factors such as visitors' IP addresses or geolocations, thus leading to differing experiences for users.

Upon visiting bolycherame.com, our researchers encountered a deceptive video player that continuously loaded. Atop this graphic were instructions urging users to click "Allow" to confirm they are not robots. It's crucial to emphasize that this CAPTCHA verification prompt is fraudulent.

The primary objective is to deceive visitors into granting bolycherame.com permission to send browser notifications. These notifications may promote online scams, unreliable software, or even malware, thereby posing significant risks to users.

How Can Websites Abuse Push Notifications to Spam Ads?

Websites can abuse push notifications to spam ads by coercing or tricking users into granting permission for browser notifications. Here's how they typically accomplish this:

Deceptive Tactics: Websites may utilize deceptive tactics to convince users to click on misleading buttons or pop-ups that prompt them to allow notifications. This can include using fake error messages, misleading claims, or disguising the notification permission prompt as a CAPTCHA verification or an essential part of accessing content.

Social Engineering: Some websites employ social engineering techniques to manipulate users into granting notification permissions. They may use persuasive language, urgency, or fear tactics to convince users that allowing notifications is necessary for accessing content, receiving updates, or ensuring security.

Misleading Content: Websites may offer enticing or misleading content, such as promises of exclusive deals, prizes, or rewards, in exchange for allowing notifications. Users who are tempted by these offers may unknowingly grant permission without fully understanding the consequences.

Bundled Downloads: In some cases, websites may bundle notification permission prompts with legitimate downloads or software installations. Users who hastily proceed through installation processes may inadvertently grant permission for notifications without realizing it.

Browser Vulnerabilities: Exploiting vulnerabilities in web browsers or their extensions, websites can force notification permission prompts to appear without user interaction. This technique is less common but can be used by malicious actors to abuse push notifications.

Once users grant permission for notifications, websites can abuse this feature to spam ads by sending frequent and intrusive notifications directly to users' browsers. These notifications may promote various products, services, or scams, disrupting the user's browsing experience and potentially leading to further engagement with malicious content.

To prevent abuse of push notifications, users should exercise caution when granting notification permissions, only allowing notifications from trusted websites, and promptly revoking permissions for any unwanted or suspicious notifications. Additionally, web browsers often provide options to block or manage notifications, allowing users to control which websites can send notifications.