Security News > 2024 > August > New phishing method targets Android and iPhone users

New phishing method targets Android and iPhone users
2024-08-20 14:29

ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users.

The phishing websites targeting iOS instruct victims to add a Progressive Web Application to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser.

PWAs, like websites, are cross-platform, which explains how these PWA phishing campaigns can target iOS and Android users.

ESET analysts discovered a series of phishing campaigns targeting mobile users that used three different URL delivery mechanisms.

After opening the URL delivered in the first stage, Android victims are presented with two distinct campaigns, either a high-quality phishing page imitating the official Google Play store page for the targeted banking application, or a copycat website for that application.

The phishing campaign and method are possible only because of the technology of progressive web applications.


News URL

https://www.helpnetsecurity.com/2024/08/20/android-iphone-phishing-campaign/