August 21, 2024 at 04:59PM
Threat actors are utilizing progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. This technique was observed in phishing campaigns in Poland and the Czech Republic. Two distinct campaigns targeted Hungarian financial institution OTP Bank and TBC Bank in Georgia. These apps bypass installation restrictions and gain risky permissions. Cybersecurity company ESET reports the use of various methods to reach their targets, including automated calls and social media malvertising. These malicious ads induce a sense of legitimacy and offer limited-time rewards, leading victims to install the phishing apps. Progressive web apps can closely mimic the look and feel of native apps and gain access to device systems without user interaction, making them a dangerous trend for phishing.
Key Takeaways from the Meeting Notes:
1. Threat actors are exploiting progressive web applications (PWAs) to impersonate banking apps and steal credentials from both Android and iOS users.
2. PWAs offer a native-like user experience and can be installed directly from the browser, making it easier for cybercriminals to evade detection and gain access to risky permissions on the device without raising suspicion.
3. ESET reports two distinct campaigns targeting Hungarian financial institution OTP Bank and TBC Bank in Georgia using this technique, with each campaign operated by different threat actors.
4. The infection chain includes methods such as automated calls, SMS messages (smishing), and malvertising on social media to lure users into installing the malicious PWAs.
5. PWAs can closely mimic legitimate apps and can bypass app store installation restrictions, making them difficult to distinguish from genuine applications.
6. PWAs enable cybercriminals to access various device systems without requesting permissions from the mobile OS, and can be updated or modified by the attacker without user interaction.
7. The abuse of PWAs for phishing is an emerging trend that could escalate as more cybercriminals realize its potential and benefits.
Overall, the use of PWAs for phishing poses a significant threat to mobile users, and immediate action is needed to address this emerging trend.