August 21, 2024 at 12:54PM
ESET warns of new phishing tactic targeting iOS and Android users with web applications mimicking banking software to steal login credentials. Cybercriminals use Progressive Web Applications and WebAPKs to bypass security measures. The attacks combine voice calls, social media malvertising, and SMS messages to distribute links, mainly targeting mobile banking users in Czech Republic, Hungary, and Georgia.
After reviewing the meeting notes, here are the key takeaways:
1. ESET has issued a warning about a new phishing tactic that targets iOS and Android users with web applications mimicking legitimate banking software. These applications are designed to bypass security protections and steal login credentials.
2. The cybercriminals behind these attacks used technologies such as Progressive Web Applications (PWA) and WebAPKs to create fraudulent applications that appear legitimate.
3. The phishing campaigns involved a combination of automated voice calls, social media malvertising, and SMS messages to distribute links to the fraudulent websites hosting the applications.
4. Once the phishing PWA or WebAPK is installed, its icon is added to the user’s home screen and leads directly to a phishing login page, prompting victims to submit their internet banking credentials, which are then sent to the attackers’ command-and-control (C&C) servers.
5. The attacks started around November 2023, with the C&C servers becoming operational in March 2024. Some cases also involved the use of a Telegram bot to collect users’ information.
6. The attacks primarily targeted mobile banking users in the Czech Republic, with additional attacks observed in Hungary and Georgia.
7. ESET believes that two different threat actors have been using this new phishing tactic and warns that they might expand their arsenal with more copycat applications, as they are difficult to distinguish from legitimate ones.
These takeaways provide a clear understanding of the new phishing tactic identified by ESET and the potential impact on mobile banking users, as well as the ongoing efforts of threat actors to exploit vulnerabilities in mobile platforms.