The creators of phishing scams have found a way to bypass mechanisms aimed at applications that are designed to steal personal information. These measures do not work against Progressive Web Apps (PWA), whose privileges are lower and capabilities are more modest.

Image source: Gerd Altmann / pixabay.com

On iOS, you can only install applications from the App Store, and on Android, by default, you can only install applications from Google Play—if you try to use another source, the system displays a warning. Discovered over the past nine months, phishing campaigns aim to trick victims into installing a malicious application that masquerades as an official banking client. Once installed, it steals account data and sends it to the attacker in real time via Telegram, ESET experts warn.

When attacking iOS users, a traditional PWA is used – a website developed by attackers is opened not through a browser, but with an imitation of a full-fledged application; Android users are in some cases tricked into installing a special sub-version of it – WebAPK. The attack begins when a potential victim receives a text message, robocall, or clicks on a malicious ad link on Facebook✴ or Instagram✴. Once they open the link, they are taken to a page that mimics the App Store or Google Play.

In the case of iOS, installing a PWA is slightly different from installing a standard application – the user is shown a pop-up window with installation instructions, simulating a system message from the platform. If an Android user installed WebAPK via Google Play, then his vigilance is lulled by the fact that the description states that the application does not have system privileges. In any case, after installation, the user is prompted to enter his credentials to access the online bank, and all entered information is sent to a server controlled by the scammers.

The new scheme is currently being used primarily in the Czech Republic, but incidents have already been noted in Hungary and Georgia. Cybersecurity experts assume that the number of such incidents will increase and their geography will expand.

admin

Share
Published by
admin

Recent Posts

Alienware Unveils Thin, Affordable Aurora 16 and 16X Gaming Laptops with Understated Designs

Alienware, a subsidiary of Dell known for its futuristic gaming laptops, has released new high-performance…

17 hours ago

Meta to Give Ray-Ban’s Next Smart Glasses ‘Superperception’ — Face Recognition

Meta✴ is exploring adding facial recognition technology to future versions of its Ray-Ban Meta✴ smart…

17 hours ago

Synology Releases DiskStation DS1825+ and DS1525+ NAS Based on AMD Ryzen V1500B

Synology has announced the DiskStation DS1525+ and DS1825+ network storage devices in a desktop form…

17 hours ago

Nvidia left the press without a driver for GeForce RTX 5060 – so reviews will not spoil the launch of sales

Igor’s Lab reported that Nvidia “decided not to provide a press driver” for the GeForce…

17 hours ago

Bitcoin Breaks $100,000 Again — ‘It’s All About Flows’

Bitcoin has once again surpassed the $100,000 mark — the last time such a rate…

19 hours ago