6 October 2024, Sun |
2:05 AM
ESET Research recently uncovered a sophisticated phishing campaign that targets mobile users by installing a phishing application via Progressive Web Applications (PWAs). This campaign, observed in the wild targeting clients of a prominent Czech bank, is particularly concerning because it installs phishing apps without requiring users to allow third-party app installation.
The phishing campaign exploits PWAs, which are essentially websites packaged to feel like standalone applications. On Android, these phishing apps mimic real banking apps and can be silently installed through a special kind of APK, appearing as if they were downloaded from the Google Play Store. iPhone users are also at risk, as the campaign instructs them to add the PWA to their home screens, making the fake apps indistinguishable from legitimate ones.
Jakub Osmani, an ESET researcher, highlighted the potential security risks for iPhone users, noting that such actions could challenge the perceived security of Apple’s “walled garden” ecosystem.
The phishing campaign uses three different URL delivery mechanisms: automated voice calls, SMS messages, and social media malvertising. For example, users receive a phishing URL via SMS after interacting with an automated voice call claiming their banking app is outdated. Additionally, malicious campaigns were promoted through Meta platforms like Instagram and Facebook, with ads encouraging users to download updates through phishing links.
ESET’s research revealed that the phishing campaign utilizes two distinct Command & Control (C&C) infrastructures, indicating the involvement of two separate groups. These groups targeted multiple banks, primarily in Czechia, with some instances reported in Hungary and Georgia.
ESET promptly shared its findings with the affected banks and assisted in taking down multiple phishing domains and C&C servers. This discovery underscores the need for increased vigilance and robust security measures to protect against evolving phishing threats.
