Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users - Using this type of apps in phishing campaigns allows evading detection, bypass app installation restrictions

Cybersecurity company ESET reports that it is currently tracking two distinct campaigns relying on this technique

welivesecurity.com/en/eset-res

Two methods

cybercriminals trick the user with a fake message about their banking app being outdated and the need to install the latest version for security reasons, providing a URL to download the phishing PWA.

In the case of malicious advertisements on social media, the threat actors use the impersonated bank’s official mascot to induce a sense of legitimacy and promote limited-time offers like monetary rewards for installing a supposedly critical app update

Follow

the two campaigns appear to be operated by different threat actors. One uses a distinct command and control (C2) infrastructure to receive stolen credentials, while the other group logs stolen data via Telegram.

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.