Mobile users in the Czech Republic are currently under threat from a sophisticated phishing campaign that exploits Progressive Web Applications (PWAs) to steal banking credentials. The attacks, targeting major banks such as Československá obchodní banka (CSOB), OTP Bank, and TBC Bank, involve deceptive PWAs that mimic legitimate banking apps. According to Slovak cybersecurity firm ESET, these malicious PWAs are designed to look indistinguishable from their genuine counterparts, tricking users into installing them on their devices.
The phishing scheme employs various tactics to deliver these malicious PWAs. Victims receive automated voice calls, SMS messages, or social media ads that lure them into clicking on phishing links. On iOS devices, users are instructed to add the fraudulent PWA to their home screens, while Android users are prompted to install WebAPKs through pop-ups. This technique bypasses traditional security warnings and allows the malicious apps to evade detection.
Once installed, the fake PWAs function like legitimate banking apps, capturing users’ banking credentials and transmitting them to attacker-controlled servers or Telegram groups. The first instance of this technique was observed in July 2023, with subsequent waves of attacks reported in November 2023, March, and May 2024. This evolving phishing strategy underscores the need for heightened vigilance among mobile users.
In addition to this campaign, cybersecurity researchers have also identified a new variant of the Gigabud Android trojan, which spreads via phishing sites mimicking the Google Play Store or various banks. This malware has advanced capabilities, including data collection and credential theft, adding another layer of risk to mobile banking security. As threats like these continue to evolve, users must be cautious and ensure they are only installing apps from trusted sources.
Reference:
