Phishing campaigns are employing a novel technique that tricks users into installing malicious Progressive Web Apps (PWAs) which mimic official banking apps, bypassing built-in protections.
This method is concerning because it allows phishing apps to be installed without user consent to third-party app installation, undermining the security of both iOS and Android systems.
Jakub Osmani from ESET noted that the silent installation of deceptive APKs on Android could mislead users into believing they are safe, posing significant security threats.
The technique leverages Progressive Web Apps that deliver native-like functionality without heavy restrictions, increasing their potential to infiltrate a user's device undetected.
Collection
[
|
...
]