Phishing, Application security

New banking-targeted phishing scheme involves progressive web apps


Malicious progressive web apps (PWAs) impersonating those of Hungary-based OTB Bank, Georgia-based TBC Bank, and an unnamed Czech bank have been used to compromise Android and iOS users' banking data in a phishing campaign that commenced last November, reports The Record, a news site by cybersecurity firm Recorded Future. The campaign is the work of a pair of threat actors with significantly different attack infrastructures.

Attackers have used automated voice calls, social media ads, and SMS messages to lure targets into downloading the PWAs, which resemble legitimate apps and enable stealthy compromise of devices' camera, microphone, geolocation, and other browser functions, a report from ESET showed. Targets who installed the PWAs were then prompted to provide their banking credentials, which were exfiltrated to attacker-controlled servers, said researchers, who have also sought to dismantle the phishing domains and servers used by the hackers. "We expect more copycat applications to be created and distributed, as it is difficult to distinguish legitimate apps from phishing ones after installation," noted ESET.
