The creators of phishing scams have found a way to bypass mechanisms aimed at applications that are designed to steal personal information. These measures do not work against Progressive Web Apps (PWA), whose privileges are lower and capabilities are more modest.

Image source: Gerd Altmann / pixabay.com

On iOS, you can only install applications from the App Store, and on Android, by default, you can only install applications from Google Play—if you try to use another source, the system displays a warning. Discovered over the past nine months, phishing campaigns aim to trick victims into installing a malicious application that masquerades as an official banking client. Once installed, it steals account data and sends it to the attacker in real time via Telegram, ESET experts warn.

When attacking iOS users, a traditional PWA is used – a website developed by attackers is opened not through a browser, but with an imitation of a full-fledged application; Android users are in some cases tricked into installing a special sub-version of it – WebAPK. The attack begins when a potential victim receives a text message, robocall, or clicks on a malicious ad link on Facebook✴ or Instagram✴. Once they open the link, they are taken to a page that mimics the App Store or Google Play.

In the case of iOS, installing a PWA is slightly different from installing a standard application – the user is shown a pop-up window with installation instructions, simulating a system message from the platform. If an Android user installed WebAPK via Google Play, then his vigilance is lulled by the fact that the description states that the application does not have system privileges. In any case, after installation, the user is prompted to enter his credentials to access the online bank, and all entered information is sent to a server controlled by the scammers.

The new scheme is currently being used primarily in the Czech Republic, but incidents have already been noted in Hungary and Georgia. Cybersecurity experts assume that the number of such incidents will increase and their geography will expand.

admin

Share
Published by
admin

Recent Posts

Study: Apple C1 mobile modem falls short of Qualcomm modems in terms of connection quality in difficult conditions

A study by Cellular Insights Inc. found that Qualcomm's mobile modems perform better than Apple's…

9 hours ago

Tesla Warns Trump Administration of Chip Tariffs

Tesla has called on the Trump administration to exercise caution in imposing tariffs on imported…

9 hours ago

To better compete with OpenAI, Meta will split its AI team into two

Meta✴ will split its AI teams to better compete with OpenAI and Google, as well…

9 hours ago

The Order: 1886 Director Co-Founds New Studio — Atlantis Studio Aims to Conquer the Industry with Innovative Games

Ru Weerasuriya, co-founder of Ready at Dawn, which closed last summer, and creative director of…

9 hours ago

Review of the wireless speaker “Yandex Station Street”: Alice in the cities

To be honest, when I first saw the news about the release of the portable…

9 hours ago

Blacktail developers announce Davy x Jones — a shooter about the headless pirate Davy Jones in the afterlife of sailors

Polish studio Parasight, known for the folklore action game Blacktail about the young Baba Yaga,…

1 day ago