New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Creds
A new phishing technique targets iOS and Android users via PWAs and WebAPKs, mimicking banking software to steal credentials. Attacks focus on users in the Czech Republic, Hungary, and Georgia.
A new phishing technique has emerged that targets users of iOS and Android devices, utilizing Progressive Web Applications (PWAs) and WebAPKs to steal banking credentials. ESET, an anti-malware vendor, has reported that cybercriminals are creating web applications that mimic legitimate banking software, allowing them to bypass security measures. On iOS, users are prompted to add the PWA to their home screens, while Android users confirm pop-ups to install the application, which appears to be from Google Play. These malicious applications do not trigger security warnings, making them difficult to detect. Once installed, users are directed to a phishing login page where they are asked to enter their banking credentials, which are then sent to the attackers' command-and-control servers. The attacks, which began around November 2023, have primarily targeted mobile banking users in the Czech Republic, with additional incidents reported in Hungary and Georgia. ESET has identified two different threat actors using this tactic and warns that the phishing campaigns may expand with more deceptive applications.
- New phishing technique targets iOS and Android users through PWAs and WebAPKs.
- Malicious applications mimic legitimate banking software, bypassing security measures.
- Users are tricked into installing these apps without security warnings.
- Attacks primarily focus on mobile banking users in the Czech Republic, Hungary, and Georgia.
- ESET warns of potential expansion of these phishing tactics by threat actors.
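As an added example (not code from ESET's report or the article), a defender-side check a bank's brand-protection team could run over a web app manifest found on a suspicious domain: it flags a manifest that carries a protected brand name from a foreign origin, a start_url or scope that leaves that origin, and a standalone display mode that hides the address bar. The brand list, origins and sample manifest are constructed assumptions.

```python
import json
from urllib.parse import urlparse, urljoin

# Assumed: brand names the bank wants to protect, mapped to the legitimate origin.
PROTECTED_BRANDS = {"example bank": "https://www.examplebank.test"}


def manifest_findings(manifest_url, manifest_text):
    """Return a list of findings for a web app manifest served from manifest_url.

    Heuristics (a defender's additions, not from the article):
      - name/short_name matches a protected brand but the origin is not the bank's
      - start_url or scope resolve to an origin other than the manifest's
      - display standalone/fullscreen hides the URL bar, so an installed PWA
        looks like a native app and the user cannot see the lookalike domain
    """
    m = json.loads(manifest_text)
    findings = []
    origin = urlparse(manifest_url)
    base = f"{origin.scheme}://{origin.netloc}"

    names = {str(m.get(k, "")).strip().lower() for k in ("name", "short_name")}
    for brand, legit_origin in PROTECTED_BRANDS.items():
        if any(brand in n for n in names if n) and base != legit_origin:
            findings.append(f"brand impersonation: '{brand}' served from {base}")

    for key in ("start_url", "scope"):
        if key in m:
            target = urlparse(urljoin(manifest_url, str(m[key])))
            if f"{target.scheme}://{target.netloc}" != base:
                findings.append(f"{key} points off-origin: {m[key]}")

    display = m.get("display", "browser")
    if display in ("standalone", "fullscreen") and findings:
        findings.append(f"display={display} hides the address bar, raising impact")
    return findings


# Constructed sample: a lookalike PWA manifest, not an artifact from the campaign.
SAMPLE_MANIFEST_URL = "https://examplebank-login.test/manifest.json"
SAMPLE_MANIFEST = json.dumps({
    "name": "Example Bank",
    "short_name": "ExampleBank",
    "start_url": "/login",
    "scope": "/",
    "display": "standalone",
    "icons": [{"src": "/icon.png", "sizes": "192x192", "type": "image/png"}],
})
LEGIT_MANIFEST_URL = "https://www.examplebank.test/manifest.json"
```

The same manifest yields no findings when served from the legitimate origin, so the check is about where the manifest lives rather than what it contains.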
Related
Criminal gangs who 'shoulder-surf' pin numbers steal '20 smartphones a day'
Criminal gangs exploit pin numbers through "shoulder-surfing" to steal smartphones for financial app access. Mobile banking fraud rises by 62%, urging public awareness and protective measures against increasing threats.
Apple alerts iPhone users in 98 countries to mercenary spyware attacks
Apple warns iPhone users globally about mercenary spyware attacks, emphasizing threat seriousness. No specific attackers or countries disclosed. Apple's proactive stance aims to protect users from evolving cybersecurity threats.
Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
Proofpoint reported increased cybercriminal activity using Cloudflare Tunnels to deliver malware, particularly remote access trojans. Campaigns involve phishing emails and exploit temporary tunnels, necessitating adaptive cybersecurity defenses.
How developers trick App Store into approving malicious apps
Developers are deceiving the App Store to approve malicious apps like "Collect Cards" by using geofencing and Microsoft's CodePush SDK, allowing post-approval changes to app functionalities. Apple has removed these apps.
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
This seems to be a mischaracterization/misunderstanding of what WebAPKs are. As far as I understand, they're merely an implementation detail of how Chrome on Android makes PWAs feel "more native": https://web.dev/articles/webapks#frequently_asked_questions
In other words, any installed PWA gets a corresponding WebAPK, and there's no actual vetting by the Play Store involved.
I don't really understand the point of that, and there seem to be significant security downsides (via user confusion, as demonstrated here), but I don't know the details, and there's probably a technical reason why Google did it this way.
I do not know what education is like where this campaign seems to have taken place (Czech Republic), but really basic tech literacy should be taught in schools. I know it's tricky to teach someone to be tech literate with a moving target like evolving tech, but we should be _trying_.