Threat Actors Trick Android Users with Malicious Web Apps
Threat actors are using Android’s WebAPK technology to deceive users into installing malicious web apps on their phones, aimed at stealing sensitive personal information. This attack starts with victims receiving SMS messages that suggest updating a mobile banking application.
Researchers from CSIRT KNF have discovered a new attack in which threat actors exploit Android’s WebAPK technology. The attackers take advantage of users’ trust in SMS messages about app updates by sending messages that appear to come from a banking application.
The message prompts users to update their mobile banking app by clicking a link. The link redirects users to a website where they are prompted to install a web app. This web app is actually a malicious application disguised as a banking app.
How the Attack Works:
Once the user installs the web app, it gains access to sensitive personal information on the victim’s phone. By impersonating a banking app, the malicious web app tricks users into providing their login credentials, banking details, and other confidential information.
The attackers use Android’s WebAPK technology to package the web app and make it look like a legitimate app. This allows them to bypass security measures that are in place to protect users from installing unsafe applications.
Implications and Recommendations:
Users need to be cautious when receiving SMS messages asking to update banking apps. It is always safer to update apps directly from the official app stores. Additionally, users should only install applications from trusted sources to reduce the risk of falling victim to such attacks.
Mobile phone manufacturers and app stores should also enhance their security measures to detect and block malicious web apps disguised as legitimate applications. This will help protect users from falling prey to these types of attacks.
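The advice above to update only from official app stores can be turned into a triage rule for SMS messages that users report. The following is an added example, not code from the article or from CSIRT KNF; the keyword lists, the single allow-listed host play.google.com and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: Google Play is the only host accepted as an official store.
OFFICIAL_STORE_HOSTS = {"play.google.com"}
# Assumption: illustrative lure vocabulary, not taken from the CSIRT KNF report.
UPDATE_WORDS = re.compile(r"\b(updat\w*|upgrad\w*|install\w*|new version)\b", re.I)
BANK_WORDS = re.compile(r"\bbank\w*", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def link_host(url):
    """Return the host a browser would contact (lowercased), or None."""
    try:
        host = urlsplit(url).hostname  # drops "user@" userinfo and the port
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def triage_sms(text):
    """Return (verdict, off_store_links) for one SMS body."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    is_lure = bool(UPDATE_WORDS.search(text) and BANK_WORDS.search(text))
    # Exact host match only: substring or prefix checks would accept
    # "play.google.com.bank-update.example" and "play.google.com@...".
    off_store = [u for u in urls if link_host(u) not in OFFICIAL_STORE_HOSTS]
    verdict = "suspicious" if is_lure and off_store else "ok"
    return verdict, off_store


# Constructed sample messages; every domain below is a placeholder.
SAMPLES = [
    "Your mobile banking app needs an update. Install it: https://bank-update.example/app",
    "Update your banking app here: https://play.google.com@bank-update.example/install",
    "Bank app update available at https://play.google.com.bank-update.example/store.",
    "A new version of our banking app is on Google Play: "
    "https://play.google.com/store/apps/details?id=com.example.bank",
    "Your parcel is ready for pickup: https://parcel.example/track",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        verdict, links = triage_sms(sms)
        print(f"{verdict:10} {links}  <- {sms[:45]}")
```

The second and third samples show why the host must be parsed and compared exactly: both contain the string play.google.com but resolve to a different site.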
Summary:
Threat actors are exploiting Android’s WebAPK technology to trick Android users into installing malicious web apps disguised as legitimate banking applications. By sending SMS messages that appear to be from a banking app, attackers prompt users to update their mobile banking app by clicking on a link. This link redirects them to a website where a malicious web app is installed on their phone. This app then steals sensitive personal information from the victim. Users are advised to update apps only from official sources and to be cautious when receiving SMS messages regarding app updates. Mobile phone manufacturers and app stores should also enhance their security measures to prevent the installation of such malicious apps.
Original Article: https://thehackernews.com/2023/07/hackers-exploit-webapk-to-deceive.html