Android malware alerts: Stay up to date with the latest threats to your phone




Sneaky Phishers Are Using Web Apps To Trick Android And iOS Users Into Installing Malware

In brief: Bad actors continue to devise new ways to make staying safe online more challenging. The latest method is particularly innovative, as it bypasses the built-in security protections of iOS and Android by using Progressive Web Apps. These PWAs mimic legitimate apps on your phone, tricking users into handing over bank credentials and other sensitive data.

Installing apps from unofficial channels on both iOS and Android is now more difficult than ever. While iOS outright forbids it, Android is more lenient, allowing you to "sideload" apps from other sources if you choose. However, the process isn't straightforward – you need to check a couple of boxes in prompts that warn you about the risks involved.

Unauthorized app installations are no easy feat for hackers either. So, clever phishers have devised a sneaky workaround. Security firm ESET has highlighted how bad actors are using a special type of app called a Progressive Web App to bypass security measures. PWAs run entirely in your browser using web standards, with no native code required. You might have encountered them when a website or browser prompts you to install a site as an app.

Here's how the attack unfolds: you receive a sketchy text or see an ad on Facebook or Instagram with a link. If you click it or any attached links, it launches a page mimicking the legitimate app store for your platform. Then, it prompts you to install an "update" for your bank's mobile app.

For Android users, clicking the install button triggers a WebAPK installation – bypassing any warnings about unknown apps due to some Chrome functionality that the phishers are exploiting. On iOS, you get an animated popup styled just like Apple's system prompts, instructing you on how to add the PWA to your home screen.

Once the phishing PWA is installed and added to your home screen, looking completely legitimate, it prompts you to enter your online banking credentials to access your account via this new "mobile banking app." In reality, it's just relaying that sensitive information directly to the scammers' servers.

A savvy user might be able to distinguish a PWA from a regular app and realize that apps can't be installed directly from a web browser. But for the average person, it's easy to fall for the ruse.

ESET's researchers have observed this tactic being used to target bank customers primarily in Czechia, with some victims in Hungary and Georgia as well. While the company has successfully negotiated the takedown of multiple phishing domains involved in this scam, it remains unclear what actions Apple and Google will take to address the issue.


Hackers Steal Banking Creds From iOS, Android Users Via PWA Apps

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users.

Progressive web apps (PWA) are cross-platform applications that can be installed directly from the browser and offer a native-like experience through features like push notifications, access to device hardware, and background data syncing.

Using this type of app in phishing campaigns allows attackers to evade detection, bypass app installation restrictions, and gain access to risky permissions on the device without having to serve the user a standard prompt that could raise suspicion.

The technique was first observed in the wild in July 2023 in Poland, while a subsequent campaign that launched in November of the same year targeted Czech users.

Cybersecurity company ESET reports that it is currently tracking two distinct campaigns relying on this technique, one targeting the Hungarian financial institution OTP Bank and the other targeting TBC Bank in Georgia.

However, the two campaigns appear to be operated by different threat actors. One uses a distinct command and control (C2) infrastructure to receive stolen credentials, while the other group logs stolen data via Telegram.

Infection chain

ESET says that the campaigns rely on a broad range of methods to reach their target audience, including automated calls, SMS messages (smishing), and well-crafted malvertising on Facebook ad campaigns.

In the first two cases, the cybercriminals trick the user with a fake message about their banking app being outdated and the need to install the latest version for security reasons, providing a URL to download the phishing PWA.

In the case of malicious advertisements on social media, the threat actors use the impersonated bank's official mascot to induce a sense of legitimacy and promote limited-time offers like monetary rewards for installing a supposedly critical app update.

Depending on the device (verified via the User-Agent HTTP header), clicking on the ad takes the victim to a bogus Google Play or App Store page.

Clicking on the 'Install' button prompts the user to install a malicious PWA posing as a banking app. In some cases on Android, the malicious app is installed in the form of a WebAPK - a native APK generated by the Chrome browser.

The phishing app uses the official banking app's identifiers (e.g., logo, legitimate-looking login screen) and even declares Google Play Store as the software source of the app.

The appeal of using PWAs on mobile

PWAs are designed to work across multiple platforms, so attackers can target a broader audience through a single phishing campaign and payload.

The key benefit, though, lies in bypassing Google's and Apple's installation restrictions for apps outside the official app stores, as well as "install from unknown sources" warning prompts that could alert victims to potential risks.

PWAs can closely mimic the look and feel of native apps, especially in the case of WebAPKs, where the browser logo on the icon and the browser interface within the app are hidden, so distinguishing it from legitimate applications is nearly impossible.
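
One way a bank's brand-protection or SOC team could triage a web app manifest recovered from a reported link, shown as an added example that is not from the article or from ESET. The brand keyword, allowed domains and sample manifests are constructed placeholders.

```javascript
// Added example: triage a web app manifest for bank-brand impersonation.
// PROTECTED_BRANDS, its keyword and domains are constructed placeholders.
const PROTECTED_BRANDS = [
  { keyword: "examplebank", domains: ["examplebank.example"] },
];

// Lower-case and drop punctuation/spacing so "Example-Bank" still matches.
const normalize = (s) => String(s || "").toLowerCase().replace(/[^a-z0-9]/g, "");

// True when host is an allowed domain or a subdomain of one.
const hostAllowed = (host, domains) =>
  domains.some((d) => host === d || host.endsWith("." + d));

// manifestUrl: URL the manifest was fetched from; manifest: its parsed JSON.
function triageManifest(manifestUrl, manifest) {
  const base = new URL(manifestUrl);
  // start_url is resolved relative to the manifest URL.
  const start = new URL(manifest.start_url || ".", base);
  const hosts = [...new Set([base.hostname, start.hostname])];
  const labels = [manifest.name, manifest.short_name].map(normalize);

  const findings = [];
  for (const brand of PROTECTED_BRANDS) {
    if (!labels.some((l) => l.includes(brand.keyword))) continue;
    for (const host of hosts) {
      if (!hostAllowed(host, brand.domains)) {
        findings.push({ brand: brand.keyword, host });
      }
    }
  }
  // standalone/fullscreen hide the browser UI, so the user sees no URL bar.
  const hidesBrowserUi = ["standalone", "fullscreen"].includes(manifest.display);
  const verdict = findings.length === 0 ? "ok"
    : hidesBrowserUi ? "high" : "review";
  return { verdict, hidesBrowserUi, findings };
}

// Constructed sample manifests (not taken from any real campaign).
const SUSPECT = { name: "Example Bank", short_name: "ExampleBank",
  start_url: "/login", display: "standalone" };
const GENUINE = { name: "Example Bank", start_url: "/", display: "standalone" };

console.log(triageManifest("https://update-app.test/manifest.json", SUSPECT));
console.log(triageManifest("https://m.examplebank.example/manifest.json", GENUINE));
```

A "high" verdict means the manifest claims a protected brand from a host outside that brand's allowlist and also hides the browser interface, which is the combination the article describes.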

These web apps can get access to various device systems through browser APIs, such as geolocation, camera, and microphone, without requesting them from the mobile OS's permissions screen.

Ultimately, PWAs can be updated or modified by the attacker without user interaction, allowing the phishing campaign to be dynamically adjusted for greater success.

Abuse of PWAs for phishing is a dangerous emerging trend that could gain new proportions as more cybercriminals realize the potential and benefits.

A few months back, we reported on new phishing kits targeting Windows accounts using PWAs. The kits were created by security researcher mr.D0x specifically to demonstrate how these apps could be used to steal credentials by creating convincing corporate login forms.

BleepingComputer has contacted both Google and Apple to ask if they plan to implement any defenses against PWAs/WebAPKs, and we will update this post with their responses once we hear back.


iOS 17.4—Apple Suddenly Backtracks On Controversial New iPhone Move

Apple's iOS 17.4 is about to launch, along with new features and massive changes for iPhone users based in the EU. One of the most controversial moves coming with iOS 17.4 was the removal of home screen web apps, which Apple said needed to happen to comply with new rules stipulated by the EU Digital Markets Act (DMA).

But Apple has suddenly backtracked on the iOS 17.4 move to halt support for home screen web apps, also known as progressive web apps (PWAs).

In a statement on its developer site, the iPhone maker said that from iOS 17.4, EU iPhone users could still access home screen web apps.

The new iOS 17.4 move comes after beta users noticed they could no longer run web apps on their iPhone home screen. Apple confirmed this had been done intentionally to allow the iPhone maker to comply with DMA rules that say it must support alternative browsers in the EU.

That would mean companies would be allowed to build browsers not based on Apple's WebKit engine for the first time. The iPhone maker said the resulting lack of control would open up iOS to malicious web apps, so in this context PWAs would be a threat to security.

In its latest U-turn, Apple now says it can support PWAs in iOS 17.4, because even if the app isn't loaded using Safari, all home screen web apps will be

So, why did Apple backtrack on its iOS 17.4 decision? The iPhone maker hasn't said much, apart from stating the need to "remove the capability was informed by the complex security and privacy concerns," adding that it will carry on support because it has received requests to do so.

The iOS 17.4 move had a lot of opposition, from security researchers at Mysk to secure email service Proton, who questioned Apple's real reasons for removing support for home screen web apps.

The iOS 17.4 move was also the subject of an open letter from the Open Web Advocacy Organization to Apple CEO Tim Cook, which says the "silently-introduced changes threaten critical features including integration with iOS, push notifications, unread count badging, and the ability to run full screen."

"Entire categories of apps will no longer be viable on the web as a result. More troubling, we understand iOS will not include APIs for competing browsers to implement these features either. This will do vast, immediate, and ongoing harm to users, developers, and businesses, both inside and outside the EU."

Apple's iOS 17.4 comes with seismic changes, especially for users based in the EU, including the ability to enable sideloading on iPhones for the first time. The update should launch on 4 March or 5 March, so keep an eye on my Forbes page for updates.





