- Hackers are using hidden unicode to activate Android to opening hazardous links with notification
- The link looks normal, but Android secretly opens something without warning or consent
- Even reliable apps like WhatsApp and Instagram suffer from this invisible notification
Experts have warned that security error -based actors in Android’s notification system can allow users to open unnecessary links or mobilize the hidden app operations.
IO-NO research claims how to analyze some unicode characters within Android information.
What makes users see and when the “open link” proposes, there is a similarities between taking action on the system.
You can like
What you see is not always the one you see
This problem is the use of hidden or special unicode characters embedded within the URL.
When a message is included, these characters can cause Android to translate the visible text and the actual viable link.
For example, a notification can clearly show “Amazon.com”, but the basic code actually opens “zone.com”, which has a zero width of the inserted zero.
The notification shows “AMA () Zon.com”, which includes the hidden character. However, the advice engine interprets that it hides the hidden role as a struggle, resulting in the beginning of a completely different site.
In some cases, invading users can redirect not only on the websites but also to deep links that directly interact with apps.
The report states how the seemingly harmless URL attracted the WhatsApp call.
To make the attacks less recognizable, malicious actors can use URL shorteners and embedded links in the text looks reliable.
When combined with the app links or “deep links”, this error is especially dangerous that can quietly mobilize behavior, such as starting messages, calls, or opening of internal app views without user’s intentions.
Tests on devices, including Google Pixel 9 Pro XL, Samsung Galaxy S25, and Old Android versions, have revealed that this misconduct affects large apps such as WhatsApp, Telegram, Instagram, Dcard and Slack.
Customs apps were also used to ignore the character filtering and confirm the attack in numerous scenes.
Given the nature of this error, many standard defense may be less. Even the best anti -virus solutions may lose these achievements, as they often do not include traditional malware downloads.
Instead, the invaders manipulate the UI’s behavior and exploit the app link. Therefore, closing point protection tools are needed, which offer wider detection based on behavior irregularities.
For users who are at risk of stealing credentials or misuse of the app, relying on identity theft protection services is important to monitor unauthorized activity and secure personal data exposed.
Unless formal fixes are implemented, Android users should be careful with information and links, especially from unknown sources or URL shortages.
