Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Beware the Fake Banking Apps: Cybercriminals Exploit PWAs to Steal Your Money
Threat actors are using progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. These apps bypass app store restrictions and raise fewer security flags, making them the new darlings of phishing campaigns. ESET tracks campaigns targeting OTP Bank and…
Hot Take:
Great, as if we didn’t have enough to worry about with our banking apps, now we need to be wary of progressive web apps too! It’s like the internet’s version of playing Whac-A-Mole, but the moles might steal your money.
Key Points:
– **Threat actors are using PWAs to impersonate banking apps and steal credentials from Android and iOS users.**
– **The technique bypasses app installation restrictions and avoids user prompts.**
– **Campaigns targeting OTP Bank in Hungary and TBC Bank in Georgia are currently active.**
– **Attackers use methods like smishing, automated calls, and malvertising to lure victims.**
– **PWAs can closely mimic native apps and access device systems through browser APIs.**
Already a member? Log in here