New method for phishing discovered for Android and iPhone users

[Image: cartoon illustration of phishing (Image credit: Shutterstock / DRogatnev)]

Banking customers have been targeted in a newly discovered method of phishing attacks, new research has found.

A report from ESET found the attacks primarily focused on iPhone and Android users, getting them to unknowingly install Progressive Web Applications (PWAs) disguised as authentic apps.

PWAs are websites built to behave like a stand-alone application, and because the installation prompt is shown through native system dialogs, the app appears to be verified by the operating system. PWAs do not require the user to allow third-party installation; on iOS, the phishing sites posed as the landing pages of popular apps and directed victims to add the PWA to their home screen. Ultimately, the PWAs behaved like a normal mobile app, but by sidestepping the authorization of third-party installation on Android, this led to the silent installation of an Android Package Kit (APK) that appeared to the user to have been installed via the Google Play Store.

Delivery methods

The campaign used three different URL delivery mechanisms: voice calls, SMS messages and malvertising, with customers in the Czech Republic, Hungary and Georgia targeted.

Depending on the campaign, the install/update button launched the download of a malicious application directly onto the user’s phone, either as a WebAPK (on Android devices) or as a PWA. This bypassed the browser's usual warning about installing unknown apps.
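The article describes the mechanism only in outline: a web app manifest asks the phone to install a site as if it were a native app, borrowing a bank's name and icon while being served from an unrelated domain. The following is an added example, written for this edit and not taken from ESET's report or from TechRadar, showing the kind of triage check a defender can run over a manifest collected from a suspicious site. The brand-to-domain table, the `.example` host names and the two sample manifests are all constructed for illustration; the manifest field names (`name`, `short_name`, `display`, `start_url`, `icons`, `related_applications`) are the standard Web App Manifest fields.

```python
import json
from urllib.parse import urlparse

# Constructed for this example: brand keywords a defender watches for, mapped to the
# domains that legitimately own them. Real deployments would load this from a feed.
BRAND_DOMAINS = {
    "examplebank": {"examplebank.example"},
    "google play": {"play.google.com"},
    "app store": {"apps.apple.com"},
}


def resolve_host(url, serving_host):
    """Host a (possibly relative) manifest URL will actually load from."""
    netloc = urlparse(url).netloc
    return (netloc or serving_host).lower()


def host_owned_by(host, owners):
    """True if host is one of the owner domains or a subdomain of one."""
    return any(host == o or host.endswith("." + o) for o in owners)


def assess_manifest(manifest_text, serving_host):
    """Return (severity, reason) findings for a manifest served from serving_host.

    These are heuristics for analyst triage, not a verdict: a legitimate PWA will
    also use display=standalone, which is why that is reported as 'info' only.
    """
    m = json.loads(manifest_text)
    serving_host = serving_host.lower()
    findings = []

    # 1. A bank or store brand in the app name, served from a domain that brand does not own.
    names = " ".join(str(m.get(k, "")) for k in ("name", "short_name")).lower()
    for brand, owners in BRAND_DOMAINS.items():
        if brand in names and not host_owned_by(serving_host, owners):
            findings.append(("high", f"manifest names '{brand}' but is served from {serving_host}"))

    # 2. standalone/fullscreen hides the browser chrome, so the user never sees the URL bar.
    if m.get("display") in ("standalone", "fullscreen"):
        findings.append(("info", f"display={m['display']} hides the browser address bar"))

    # 3. The app's entry point lives on a different host than the manifest itself.
    start_host = resolve_host(m.get("start_url", "/"), serving_host)
    if start_host != serving_host:
        findings.append(("medium", f"start_url loads from {start_host}, not {serving_host}"))

    # 4. A 'play' related application that does not point at Google Play.
    for app in m.get("related_applications", []):
        app_host = resolve_host(app.get("url", ""), serving_host)
        if app.get("platform") == "play" and app_host != "play.google.com":
            findings.append(("medium", f"platform=play but url points at {app_host}"))

    # 5. Icons hotlinked from elsewhere (often copied straight from the impersonated brand).
    icon_hosts = {resolve_host(i.get("src", ""), serving_host) for i in m.get("icons", [])}
    foreign = sorted(icon_hosts - {serving_host})
    if foreign:
        findings.append(("low", f"icons hotlinked from {foreign}"))

    return findings


# Constructed sample: a lookalike manifest served from a host the bank does not own.
SAMPLE_SUSPICIOUS_MANIFEST = json.dumps({
    "name": "ExampleBank Mobile",
    "short_name": "ExampleBank",
    "display": "standalone",
    "start_url": "/login",
    "icons": [{"src": "https://cdn.other.example/bank.png", "sizes": "192x192"}],
    "related_applications": [{"platform": "play", "url": "https://update.other.example/app.apk"}],
})

# Constructed sample: the same app served from the bank's own domain.
SAMPLE_LEGITIMATE_MANIFEST = json.dumps({
    "name": "ExampleBank Mobile",
    "short_name": "ExampleBank",
    "display": "standalone",
    "start_url": "/",
    "icons": [{"src": "/icon-192.png", "sizes": "192x192"}],
})

if __name__ == "__main__":
    for label, text, host in (
        ("suspicious", SAMPLE_SUSPICIOUS_MANIFEST, "bank-update.example"),
        ("legitimate", SAMPLE_LEGITIMATE_MANIFEST, "examplebank.example"),
    ):
        print(label, host)
        for severity, reason in assess_manifest(text, host):
            print(f"  [{severity}] {reason}")
```

The serving host is passed in separately because the manifest itself carries only relative URLs in the normal case; the analyst knows where the file was fetched from, and that is the fact the brand check is anchored to.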

The voice call warned the victim about a supposedly out-of-date banking app and instructed them to select a numbered option. Once they did so, a phishing URL was texted to them.

The SMS delivery sent messages containing the phishing link indiscriminately to Czech numbers, whilst the advertising campaign consisted of registered adverts on Meta platforms (such as Facebook and Instagram). The ads contained a call to action to compel victims, such as a limited-time offer for those who ‘download an update below’.

Recent reports show similar threat actors using falsified versions of popular Android apps, with increasingly sophisticated methods. ESET expects to see copycats of these applications, so we recommend staying vigilant. The best way to keep your data safe is to download apps only from legitimate sources, and to be wary of any links sent by anyone you don’t know.

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
