Aug 20, 2024 | Ravie Lakshmanan | Mobile Security / Banking Fraud
Are you a mobile user in the Czech Republic? Beware! A new phishing campaign is targeting users like you, leveraging a Progressive Web Application (PWA) to steal banking credentials. These attacks have already hit banks like Československá obchodní banka (CSOB), OTP Bank, and TBC Bank in Georgia. The attempted theft was revealed by Slovak cybersecurity company ESET.
The technique used in this phishing campaign is quite sophisticated. iOS targets are tricked into adding a PWA to their Home Screens, while Android users unknowingly install PWAs through custom pop-ups in the browser, making them look like legitimate banking apps. This deceptive tactic fools users into thinking they are updating their existing banking apps.
By exploring the command-and-control servers and backend infrastructure, cybersecurity researchers identified two different threat actors conducting these malicious campaigns. Phishing websites are spread through automated voice calls, SMS messages, and social media advertisements on platforms like Facebook and Instagram to lure unsuspecting individuals.
Once users click on the fake banking app links, they are directed to lookalike pages resembling legitimate app stores or banking apps, which ultimately lead to the installation of the malicious PWA or WebAPK. On iOS devices, users are instructed to add the bogus PWA to the Home Screen. The end goal of this campaign is to capture banking credentials and send them to attacker-controlled servers or Telegram group chats.
ESET first observed this phishing tactic involving PWAs in November 2023, with subsequent waves detected in March and May 2024. As cybersecurity experts uncover new threats, such as the Gigabud Android trojan spread via phishing websites impersonating banks or official entities, it’s crucial to stay vigilant against such attacks.