Українська правда

New phishing scheme has appeared on Android and iOS


A new phishing scheme that mainly targets users of banking applications has been launched on the two most popular mobile operating systems, iOS and Android. This was reported by TechRadar.

In a new report, international antivirus software developer ESET said that mobile device users are being tricked into unknowingly installing Progressive Web Applications (PWAs) that masquerade as genuine programs.

PWAs are websites that behave like separate programs. Attackers create phishing sites that pretend to be the official pages of popular apps and direct victims to add PWAs to their smartphone's home screen.

Installing them on an Android smartphone does not require allowing installations from unknown sources. The result is an invisible installation of the APK, which looks to the user as if it had been installed from Google Play.

Screenshots: ESET

The new phishing campaign delivers links to the phishing websites by three methods: voice calls, SMS, and malicious ads. The campaign is currently active in the Czech Republic, Hungary, and Georgia.

By clicking on a malicious link, users unknowingly trigger the installation of a malicious program on their device. In the case of Android, it is a WebAPK, and on iOS, it is a PWA. Among other things, this method bypasses the usual browser notifications about the installation of unknown programs.

To get users to visit the sites, the attackers tell them that they have an outdated banking program installed and then send a link to a malicious website. Different types of advertisements are sent via SMS, urging users to download an updated program, claiming that it is a limited offer.

After the installation, victims are asked to send their online banking credentials to access their account through a new mobile banking application. All the information provided is sent to the attackers' C&C servers.

ESET also reports that more fake sites impersonating popular programs may appear in the future. The best way to protect yourself from such phishing campaigns is to install programs only from trusted sources. You should also check links that may be sent to you by unknown persons.
