Mobile phishing attacks are evolving, and cybercriminals have found a new way to target iOS and Android users. Have you heard about the latest tactic using Progressive Web Applications (PWAs) and WebAPKs? These are no ordinary apps\u2014they’re designed to mimic legitimate banking software, making it easier for hackers to steal your login credentials.<\/p>\n
So, how does this scam work?<\/p>\n
On iOS, users are tricked into adding a PWA to their home screens. These PWAs look like stand-alone apps, but they’re actually web applications bundled to deceive you. On Android, the threat is even more sophisticated. Hackers use WebAPKs\u2014apps that appear to be installed directly from Google Play. These apps don\u2019t trigger any security warnings, even if you haven\u2019t enabled third-party installations.<\/p>\n
Imagine opening what seems to be your trusted banking app, only to unknowingly enter your login details into a phishing page. That’s exactly what happens with these fraudulent apps. The moment you submit your credentials, they\u2019re sent directly to the attackers’ command-and-control servers.<\/p>\n
This new method isn’t just theory\u2014it\u2019s happening now. ESET, a leading cybersecurity firm, uncovered this threat, which has been active since late 2023. Initially, the attacks targeted mobile banking users in the Czech Republic, but they’ve since expanded to Hungary and Georgia.<\/p>\n
What makes this attack even more dangerous is its delivery method. Hackers are using a mix of automated voice calls, social media ads, and SMS messages to distribute links to these malicious apps. The fake apps are designed to look like they come from official sources like Google Play or the Apple Store. Once installed, the app\u2019s icon appears on your home screen, ready to lure you into entering your sensitive banking information.<\/p>\n
The worst part? These attacks are incredibly hard to detect. The apps are almost indistinguishable from legitimate ones, and cybersecurity experts warn that more of these copycat applications may be on the way.<\/p>\n
What can you do to protect yourself?<\/b><\/p>\n Is Your Mobile Banking App Safe?<\/p>\n Cybercriminals are using fake apps to steal login credentials on iOS and Android. These apps mimic legitimate banking software, making them hard to detect. Learn how to protect your devices from this new threat and keep your data secure with Cyber Safe Business.<\/p>\n","protected":false},"author":1,"featured_media":424,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=425"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/425\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/424"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n