PWA phishing on Android and iOS – Week in security with Tony Anscombe

by admin 0 Comments

Cyber Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Video

Phishing using PWAs? ESET Research’s latest discovery might just ruin some users’ assumptions about their preferred platform’s security

23 Aug 2024

ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank. 

The technique used installed a phishing application from a third-party website without the user having to allow third-party app installation. This is because PWAs are simply websites bundled into what feels like a standalone app, enhanced by the usage of native system prompts.

For iOS users, such an action might break their assumptions about their platform’s security. On Android, this could result in the silent installation of a special kind of APK, which even appears to be installed from the Google Play store. 

Learn more in Tony’s latest video.

Connect with us on FacebookTwitterLinkedIn and Instagram.

This article was originally published by Welivesecurity.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist
Massive Telecom Hack Exposes US Officials to Chinese Espionage
Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors

Leave a Reply

Your email address will not be published. Required fields are marked *