Encircle News!

Retro Game Arcade
, ,

New method for phishing discovered for Android and IPhone users

TechRadar – All the latest technology news

Banking customers have been targeted in a newly discovered method of phishing attacks, new research has found.

A report from ESET found the attacks primarily focused on iPhone and Android users by getting them to unknowingly download Progressive Web Applications (PWA) disguised as authentic apps.

PWAs are websites made to behave like a stand-alone application, with the image seemingly verified by the use of native system prompts. PWAs bypass the need for a user to allow third-party installation, with iOS phishing sites posing as popular apps landing pages and directing victims to add the PWA to their home screen. Ultimately, the PWAs behaved like a normal mobile app – but by sidestepping the authorization of third-party installation on Android, this led to the silent installation of Android Package Kit (APK), which appeared to the user to be installed via the Google Play Store.

Delivery methods

The campaign used three different URL delivery mechanisms – Voice call, SMS delivery, and Malvertising, with customers across the Czech Republic, Hungary, and Georgia targeted.

Depending on the campaign, the install/update button launched the download of a malicious application directly onto the user’s phone, either in the form of a WebAPK (for Android devices) or a PWA. This bypassed the usual browser warnings of “installing unknown apps”.

The voice call would warn the victim about a supposed out-of-date banking app, and instructed the user to select a numbered option. Once they did so, a phishing URL was texted to them.

The SMS delivery sent messages which included the phishing link indiscriminately to Czech numbers, whilst the advertising campaign consisted of registered adverts on Meta platforms (like Facebook and Instagram). The ads contained a call to action to compel victims, such as a limited time offer for those who ‘download an update below’.

Recent reports show similar threat actors using falsified versions of popular Android apps, with increasingly sophisticated methods. Eset expects to see copycats of these applications, so we recommend staying vigilant. The best way to keep your data safe is by only downloading apps from legitimate sources, and being wary of any links sent by anyone you don’t know.

More from TechRadar Pro

https://www.techradar.com/pro/new-method-for-phishing-discovered-for-android-and-iphone-users

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

August 2024
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 993: The Save Money Button – Pixel 9, Dell Layoffs, Apple Robotics This Week in Tech (Audio)

Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win – Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit – use code: TWIT 1password.com/twit e-e.com/twit
  1. TWiT 993: The Save Money Button – Pixel 9, Dell Layoffs, Apple Robotics
  2. TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing
  3. TWiT 991: This Show Is Securities Fraud – Intel Layoffs, KOSA, Don Lemon
  4. TWiT 990: Dogecoin Fort Knox – AI Cheese, SearchGPT, "Free" Facebook
  5. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Streaming the Olympics