Be careful what you wish for – Phishing in PWA applications

Aug. 21, 2024, 6:27 p.m.

Description

ESET analysts dissected a novel phishing method tailored to Android and iOS users, combining standard phishing delivery techniques with a novel approach of targeting mobile users via Progressive Web Applications (PWAs) and WebAPKs. Insidiously, installing these phishing PWAs and WebAPKs does not trigger warnings about installing third-party applications. Most of the observed applications targeted clients of Czech banks, but some also targeted banks in Hungary and Georgia. Two different threat actors were determined to be operating the campaigns based on their distinct command-and-control infrastructures.

External References

https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
https://otx.alienvault.com/pulse/66c62d64734f782122fa123b
Tags
android
2024-08-21

Date

  • Created: Aug. 21, 2024, 6:09 p.m.
  • Published: Aug. 21, 2024, 6:09 p.m.
  • Modified: Aug. 21, 2024, 6:27 p.m.

Indicators

  • 185.68.16.56
  • 46.175.145.67
  • 185.181.165.124
  • csas.georgecz.online
  • play-protect.pro
  • hide-me.online
  • cyrptomaker.info
  • blackrockapp.eu
Download all indicators here!

Attack Patterns

Additional Informations

  • Finance
  • South Georgia and the South Sandwich Islands
  • Georgia
  • Hungary
  • Czechia