Weekly Newsletter
A new phishing tactic targeting iOS and Android users with web applications mimicking legitimate banking software to bypass security protections and steal login credentials.
On both iOS and Android platforms, cybercriminals used Progressive Web Applications (PWA), which are websites bundled to look like stand-alone applications, PWAs can run on various platforms and device types, and do not require the user to allow third-party app installation.
It appear like regular native apps and their installation does not trigger any warnings on mobile devices, even if the user has not allowed installation from thirdparty sources
The phishing campaigns combined automated voice calls, social media malvertising, and SMS messages to distribute links opening the phishing link a page imitating the official Google Play/Apple Store page or the official website of the targeted banking application.
The user was then prompted to install a new version of the banking application, leading to the installation of the malicious program without any security warning being displayed on the device.
After installation, victims are prompted to submit their internet banking credentials to access their account via the new mobile banking app All submitted information is sent to the attackers’ C&C servers.
Denouement
The attacks were mainly focused on mobile banking users ,the attackers might expand with more copycat applications, as they are difficult to distinguish from the legitimate ones.
The malware is capable of collecting photos from the infected iPhone’s library, harvest SMS messages, capture the victim’s face, and proxy network traffic through the infected device It can also instruct the victim to provide a photo of their ID card.
The obtained information is combined with AI-powered face-swapping services to create deepfakes.
It’s worth noting that the current research reveals another methods used by the fraudsters are likely installing the banking app on their own device and using the trojan only to obtain the information needed to steal money from victims’ accounts
Today, you not only have to worry about someone stealing your phone or account password you also need to be vigilant about the security threats of mobile malware, SIM swaps, fake banking apps, and more….
