Hackers Exploit PWAs to Steal Banking Credentials from Android and iOS Users
Cybercriminals bypass app store protections using Progressive Web Apps that mimic legitimate banking applications.
Overview
- Progressive Web Apps (PWAs) are being used to impersonate banking apps and steal sensitive data.
- These PWAs bypass traditional app store security measures on both Android and iOS devices.
- Victims are tricked through phishing messages, malicious ads, and fake app store pages.
- The phishing technique has primarily targeted users in Czechia, Hungary, and Georgia.
- ESET has identified two distinct campaigns using this method, with stolen data being sent to attackers via different channels.