Description
ESET analysts dissected a novel phishing method tailored to Android and iOS users, combining standard phishing delivery techniques with a novel approach of targeting mobile users via Progressive Web Applications (PWAs) and WebAPKs. Insidiously, installing these phishing PWAs and WebAPKs does not trigger warnings about installing third-party applications. Most of the observed applications targeted clients of Czech banks, but some also targeted banks in Hungary and Georgia. Two different threat actors were determined to be operating the campaigns based on their distinct command-and-control infrastructures.
Date
Published | Created | Modified |
---|---|---|
Aug. 21, 2024, 6:09 p.m. | Aug. 21, 2024, 6:09 p.m. | Aug. 21, 2024, 6:27 p.m. |
Attack Patterns
T1437
T1417
Additional Informations
Finance
South Georgia and the South Sandwich Islands
Georgia
Hungary
Czechia