New method for phishing discovered for Android and IPhone users

News
By
published

Innovative phishing technique targeted banking customers

Cartoon Phishing
(Image credit: Shutterstock / DRogatnev)

Banking customers have been targeted in a newly discovered method of phishing attacks, new research has found.

A report from ESET found the attacks primarily focused on iPhone and Android users by getting them to unknowingly download Progressive Web Applications (PWA) disguised as authentic apps.

PWAs are websites made to behave like a stand-alone application, with the image seemingly verified by the use of native system prompts. PWAs bypass the need for a user to allow third-party installation, with iOS phishing sites posing as popular apps landing pages and directing victims to add the PWA to their home screen. Ultimately, the PWAs behaved like a normal mobile app - but by sidestepping the authorization of third-party installation on Android, this led to the silent installation of Android Package Kit (APK), which appeared to the user to be installed via the Google Play Store.

Delivery methods

The campaign used three different URL delivery mechanisms - Voice call, SMS delivery, and Malvertising, with customers across the Czech Republic, Hungary, and Georgia targeted.

Depending on the campaign, the install/update button launched the download of a malicious application directly onto the user’s phone, either in the form of a WebAPK (for Android devices) or a PWA. This bypassed the usual browser warnings of “installing unknown apps”.

The voice call would warn the victim about a supposed out-of-date banking app, and instructed the user to select a numbered option. Once they did so, a phishing URL was texted to them.

The SMS delivery sent messages which included the phishing link indiscriminately to Czech numbers, whilst the advertising campaign consisted of registered adverts on Meta platforms (like Facebook and Instagram). The ads contained a call to action to compel victims, such as a limited time offer for those who ‘download an update below’.

Recent reports show similar threat actors using falsified versions of popular Android apps, with increasingly sophisticated methods. Eset expects to see copycats of these applications, so we recommend staying vigilant. The best way to keep your data safe is by only downloading apps from legitimate sources, and being wary of any links sent by anyone you don’t know.

More from TechRadar Pro

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

More about pro
Creality K2 Plus

For the price, this large format multifilament 3D printer is the one I want in my studio
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.

Gmail vs Outlook for business: which email system is right for your organization?

AMD Epyc 9965

The price of AMD’s most powerful processor ever has been slashed by almost half and I can't understand why
See more latest