LifeNewsShowbizSocietyEntertainmentSuperstitions

New Phishing Method Targets Banking Customers on Android and iPhone

By Jurassic JennAug 23, 2024 08:28 AMTech
Share:
Phishing. Source: https://aag-it.com/

A sophisticated phishing technique has recently emerged, predominantly targeting banking customers who use iPhone and Android devices. Cybersecurity firm ESET's research reveals that this new method involves convincing users to unknowingly download Progressive Web Applications (PWA) disguised as legitimate apps.

How the Attack Works

PWAs are essentially websites that function like stand-alone applications. They can trick users by mimicking an authentic app’s appearance through native system prompts. This technique exploits the PWA's ability to avoid requesting user permission for third-party installations. On iOS, phishing websites act as famed app landing pages, directing victims to add the PWA to their home screen. These PWAs operate like regular apps but bypass the need for Android’s third-party app authorization, silently installing a Web Android Package Kit (WebAPK) that seems to originate from the Google Play Store.

Phishing
Phishing

Methods of Delivery

The phishing campaigns employed three main delivery mechanisms: voice calls, SMS, and malvertising. Victims across the Czech Republic, Hungary, and Georgia were targeted. During the voice call campaigns, recipients were falsely alerted about an outdated banking app, prompting them to select a numbered option, which would then send a phishing URL via text message.

SMS delivery indiscriminately sent phishing links to numerous Czech numbers. Meanwhile, malvertising utilized Meta platforms like Facebook and Instagram, where registered ads included calls to action for users to download fake updates. Once the victims clicked these links, they were directed to download either a WebAPK or a PWA, bypassing typical browser warnings about unknown app installations.

Diagram on how PWAs work
Diagram on how PWAs work

The Risk and Recommendation

This phishing approach, first identified by CSIRT KNF—a computer security incident response team for Poland’s financial sector—in July 2023, highlights an escalating threat. ESET warns that the usage of falsified popular Android app versions is on the rise, expecting further copycat attempts. Hence, safeguarding personal data relies on downloading apps solely from reputable sources and being cautious with unfamiliar links.

The discovery points to the growing sophistication in phishing methods, with the ability of PWAs to imitate genuine app experiences creating significant risks for unsuspecting users

Earlier, SSP wrote that Gemini subscribers can now use 'Polish' writing tool for emails.

IphoneAndroidMoneyTech
Share:
Home/Tech/New Phishing Method...
Top Articles

The meaning of the name Ava and its spiritual meanings

Sep 13, 2024 16:15 PM

Symbolism and power of the mockingbird totem animal: your spiritual encounter

Sep 13, 2024 12:16 PM

Twitching left or right eyebrow: spiritual meanings of the omen

Sep 13, 2024 08:41 AM

Symbolism and spiritual meaning of centipede encounter

Sep 11, 2024 15:21 PM
More News

Marseille Confirm Agreement with Free Agent Adrien Rabiot

Sep 17, 2024 21:59 PM

Justin Timberlake Pleads Guilty and Urges Against Drinking and Driving

Sep 17, 2024 21:38 PM

Influential Friendships Await Three Zodiac Signs

Sep 17, 2024 21:16 PM

Want to Get into Vinyl? 3 Great Beginner Turntable Systems to Get You Started

Sep 17, 2024 20:53 PM

5 of the Best Fall Movies

Sep 17, 2024 20:12 PM

Engaging in relaxation activities: horoscope for the second part of September

Sep 17, 2024 19:54 PM

A Shy Penguin Wins New Zealand’s Bird Election Amid Memes and Tattoos

Sep 17, 2024 19:08 PM

Tottenham Hotspurs Manager Postecoglou Confident in Second-Year Succes

Sep 17, 2024 18:25 PM

Three Zodiac Signs Set for New Opportunities

Sep 17, 2024 18:03 PM

The Secret Behind Your Cat's Sense Of Smell

Sep 17, 2024 17:42 PM

Is It Safe to Eat Sprouted Potatoes? What Experts Say

Sep 17, 2024 17:21 PM

The 5 Weirdest and Wildest Stunts Crowned by Guinness World Records in 2024

Sep 17, 2024 16:59 PM

Matter is Revolutionizing Your Smart Home – What You Need to Know

Sep 17, 2024 16:39 PM

Prioritising practical aspects of love: horoscope for the second part of September

Sep 17, 2024 16:18 PM

5 Funny Horror Movies to Watch for a Bloody Good Time

Sep 17, 2024 15:56 PM

Doja Cat's Artistic Evolution: Striving Beyond Pop to Explore Diverse Genres

Sep 17, 2024 15:36 PM

Chicken with Peaches – One-Pan 30-Minute Meal

Sep 17, 2024 15:13 PM

Tech Billionaire Returns to Earth After Historic Spacewalk

Sep 17, 2024 14:51 PM

Significant Self-Discoveries Await Three Zodiac Signs

Sep 17, 2024 14:08 PM

Adorable Baby Hippo Moo Deng Becomes Overnight Celebrity

Sep 17, 2024 13:47 PM

Europe's Solheim Cup Comeback Falls Short as Pettersen Faces No Regrets

Sep 17, 2024 13:25 PM

Teenager Builds Robot to Solve Rubik's Cube

Sep 17, 2024 13:03 PM

Three zodiac signs will embrace humor and light-heartedness: horoscope for September 17

Sep 17, 2024 12:42 PM

Radiating a sense of warmth and encouragement with family: horoscope for the second part of September

Sep 17, 2024 12:23 PM

Celestial Phenomenon and Cultural Beliefs About Solar Eclipses

Sep 17, 2024 12:04 PM

Spot the Snake: A Challenge for Keen Observers

Sep 17, 2024 11:37 AM