
Quiz sites trick users into enabling unwanted browser notifications

Medium
Published: Tue Mar 10 2026 (03/10/2026, 12:56:28 UTC)
Source: AlienVault OTX General

Description

Users are being tricked into enabling unwanted browser notifications through quiz websites. These sites challenge visitors with quizzes on various topics, but their main goal is to get users to click the 'Start the quiz' button. This action triggers a misleading prompt that tricks users into allowing notifications. Once enabled, these notifications can display advertisements, scams, or unwanted downloads even when the user is not on the original website. The article provides instructions on how to remove and block web push notifications across different browsers, including Chrome, Firefox, Opera, Edge, and Safari. It also lists several domains associated with this deceptive campaign.

AI-Powered Analysis

Last updated: 03/10/2026, 13:33:31 UTC

Technical Analysis

This threat involves a deceptive campaign where quiz websites lure users into enabling browser push notifications under false pretenses. The sites present quizzes on various topics to entice users to click a 'Start the quiz' button, which triggers a misleading browser prompt requesting permission to send notifications. Users who accept this prompt inadvertently allow the site to send persistent notifications that can display advertisements, scams, or links to unwanted downloads even when the user is not actively browsing the site. The campaign exploits social engineering tactics (T1566) and user interaction (T1204) to bypass browser security controls. The notifications act as a persistent adware vector, potentially leading to further malicious payloads or phishing attempts. The campaign is distributed via multiple domains, many localized to regions such as New Zealand (.co.nz), India (.co.in), and South Africa (.co.za), indicating targeted regional activity. The threat does not exploit a software vulnerability but abuses legitimate browser features and user trust. There are no known exploits in the wild beyond the social engineering mechanism. The campaign is documented by AlienVault OTX and referenced in security analyses, with guidance provided for removing and blocking notifications across major browsers including Chrome, Firefox, Opera, Edge, and Safari.

Potential Impact

The primary impact is on user experience and security posture, as unwanted notifications can lead to persistent adware infections, exposure to scams, and potential malware downloads. Organizations face risks of compromised endpoint security if users fall victim and install malicious payloads via these notifications. The campaign can degrade productivity due to intrusive notifications and increase helpdesk workload for remediation. While it does not directly compromise system integrity or confidentiality, it serves as a vector for further attacks, including phishing and malware distribution. The broad geographic distribution of domains suggests a wide potential reach, particularly in countries with high internet penetration and use of browsers supporting push notifications. The campaign may also damage brand reputation if employees or customers are targeted. The lack of authentication or complex exploitation lowers the barrier for attackers, increasing the likelihood of widespread impact.

Mitigation Recommendations

1. Educate users to be cautious about enabling browser notifications, especially from unfamiliar or suspicious websites.
2. Implement browser policies via group policy or MDM solutions to restrict or control push notification permissions in enterprise environments.
3. Regularly audit and remove unwanted notification permissions from browsers on organizational devices.
4. Use web filtering and DNS blocking to prevent access to known malicious domains listed in the indicators.
5. Deploy endpoint security solutions capable of detecting and blocking adware and malicious payloads delivered via notifications.
6. Monitor network traffic for unusual outbound connections or repeated notification permission requests.
7. Encourage users to report suspicious notifications promptly to IT security teams.
8. Keep browsers and security software up to date to leverage the latest protections against social engineering and adware.
9. Consider browser extensions or security tools that warn or block deceptive notification prompts.
10. Integrate threat intelligence feeds to update blocklists dynamically with emerging malicious domains.


Technical Details

Author: AlienVault
TLP: white
References: https://securityboulevard.com/2026/03/quiz-sites-trick-users-into-enabling-unwanted-browser-notifications/
Adversary: null
Pulse Id: 69b014fc00119187bccbf395
Threat Score: null

Indicators of Compromise

Domain


Threat ID: 69b01a1eea502d3aa8553b3c

Added to database: 3/10/2026, 1:18:22 PM

Last enriched: 3/10/2026, 1:33:31 PM

Last updated: 3/14/2026, 2:26:15 AM
