ESET Research has uncovered a sophisticated mobile phishing technique targeting clients of OTP Bank and TBC Bank in the Czech Republic, Hungary, and Georgia [1] [2] [3] [4].

Description

This technique involved the use of Progressive Web Applications (PWAs) on both Android and iOS devices to install phishing applications without user permission [3]. Victims were deceived into installing a fake “new version” of their banking app through social engineering tactics. The phishing campaigns utilized various delivery methods such as voice calls, SMS messages [1] [2] [4], and malvertising [1] [2] [3] [4]. Two separate command and control (C&C) infrastructures were identified, indicating the involvement of multiple threat actor groups [3]. ESET promptly shared critical information with affected banks and assisted in dismantling phishing domains and C&C servers [1] [2]. The use of PWAs and WebAPKs allowed the phishing apps to mimic legitimate banking applications and evade security measures. Additionally, one group utilized a Telegram bot to collect victim information [2].

Conclusion

The discovery of this sophisticated mobile phishing technique highlights the importance of continuous vigilance and collaboration between security researchers and financial institutions. By promptly sharing critical information and taking swift action, ESET was able to assist in dismantling the phishing infrastructure. Moving forward, it is crucial for organizations to stay informed about emerging cyber threats and implement robust security measures to protect against such sophisticated attacks.

References

[1] https://www.eset.com/uk/about/newsroom/press-releases/eset-research-discovers-financial-fraud-using-novel-phishing-method-tailored-to-android-and-iphone-users-1/
[2] https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-financial-fraud-using-novel-phishing-method-tailored-to-android-and-iphone-users/
[3] https://www.infosecurity-magazine.com/news/novel-phishing-android-ios-pwa/
[4] https://zerosecurity.org/2024/08/cybercriminals-target-mobile-users-czech-republic-phishing-campaigns-leveraging-progressive-web-applications/