August 20, 2024 at 04:21PM
A novel phishing campaign in the Czech Republic targets mobile users through Progressive Web Applications (PWAs) to steal credentials for accounts at banks such as CSOB, OTP, and TBC. The phishing websites are distributed through voice calls, SMS, and social media. The campaign is notable for tricking users into installing PWAs without specific permissions, and it is linked to multiple threat actors. The tactic has been in use since late 2023, and there are other similar attacks targeting Android devices.
Key takeaways from the meeting notes:
– A novel phishing campaign targeting mobile users in the Czech Republic is leveraging a Progressive Web Application (PWA) to steal banking account credentials from banks such as Československá obchodní banka (CSOB), OTP Bank, and TBC Bank.
– The phishing websites are distributed via automated voice calls, SMS messages, and social media malvertising.
– The attackers use deceptive tactics to have users install PWAs or WebAPKs from third-party sites without specific authorization, allowing the phishing apps to bypass traditional browser warnings.
– The end goal of the campaign is to capture banking credentials and exfiltrate them to attacker-controlled servers or chat groups.
– This campaign was first recorded in November 2023, with subsequent waves detected in March and May 2024.
The meeting notes also referenced the discovery of a new variant of the Gigabud Android trojan, spread through phishing websites that mimic the Google Play Store or impersonate banks or governmental entities, and the identification of multiple control panels for various Android banking trojans operated by a threat actor named DukeEugene.
These key points provide a clear overview of the emerging mobile security issues and banking fraud discussed in the meeting.