Beware: Malicious Apps Are Stealing Bank Credentials on iOS and Android Through New Phishing Technique

A new wave of phishing attacks has emerged, putting iOS and Android users at significant risk. ESET, a security firm, has sounded the alarm on a sophisticated phishing tactic that bypasses standard security measures, potentially compromising the bank credentials of countless users.

Cybercriminals have developed a deceptive strategy that utilizes Progressive Web Applications (PWAs) and WebAPKs—web-based applications designed to mimic legitimate banking software. These malicious apps are designed to look and function like genuine mobile banking apps, but their true purpose is to steal your sensitive information.

On iOS devices, users are being tricked into adding PWAs to their home screens, believing them to be trusted applications. Android users face an even more insidious threat: WebAPKs. These applications can masquerade as native apps, appearing to be downloaded from Google Play without triggering any of the usual security warnings. Shockingly, even if a user has not permitted the installation of third-party apps, these WebAPKs can still bypass those settings, further obscuring their malicious intent.

Once installed, these fraudulent apps prompt users to enter their banking credentials under the guise of accessing their accounts. Every piece of information entered is immediately sent to the attackers’ command-and-control (C&C) servers, giving cybercriminals unfettered access to victims’ bank accounts.

The attacks, which reportedly began in late 2023, have already targeted mobile banking users in the Czech Republic, Hungary, and Georgia. However, the potential for this phishing tactic to spread globally is real and alarming. ESET warns that the attackers are likely to develop more copycat applications, making it increasingly difficult for users to distinguish between legitimate and fraudulent apps.

This evolving threat serves as a stark reminder to be vigilant and cautious. If you receive any prompts to install or update a banking app, verify its authenticity through official channels. Your financial security may depend on it.

By Zane
August 26, 2024
Computer Security
English
August 26, 2024
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Android Malware

Xenomorph Android Malware Targets Bank Customers

Attacks against Android devices are continuing to become a common occurrence. One of the latest malware families to go after the most popular mobile operating system is called Xenomorph. Allegedly, the Xenomorph... Read more

February 22, 2022
Android Malware

Watch Out for Mobile Apps Group Android Adware

Mobile apps Group is the collective name given to a number of malicious applications for Android. The four different applications belonging to the same group are called "Driver: Bluetooth, Wi-Fi, USB", "Bluetooth Auto... Read more

November 7, 2022
Android Malware

Malicious Android Apps Clone Real Services and Apps to Steal Banking Info

The start of 2022 has been rife with news about mobile malware. In yet another case of security researchers intercepting Android-based malware, a team with ESET detected a campaign that was spoofing legitimate apps on... Read more

April 7, 2022
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.