Hackers Trick Users With Fake Banking Apps, Exploiting Android’s WebAPK Tech
Google Play Store has implemented measures to protect users from malware by requiring a valid D-U-N-S number to submit new apps.
However, cybercriminals have found a new way to trick users into installing malicious apps through WebAPKs, bypassing the Play Store.
Security researchers have discovered a recent campaign exploiting WebAPKs to deceive victims.
Hackers are sending fake messages to people, pretending to be their bank, and telling them to update their banking apps. The message includes a link to a website that installs malicious apps on their phones.
One of the banks targeted is PKO Bank Polski. The fake app asks for the user’s login credentials and 2FA code, allowing the hackers to steal money from their bank account.
These malicious apps are difficult to track because they have different names and codes on each device.
The hackers exploit a technology called WebAPKs, which allows apps to be installed through the web browser without triggering any security alerts.
Threat actors are using Android’s WebAPK technology to trick people into installing malicious web apps on their phones.
They send SMS messages pretending to be a mobile banking app update, and when users click the link, a malicious app is installed on their device.
The fake app impersonates a real bank and asks users to enter their login credentials and 2FA tokens, stealing their information.
These attacks are difficult to detect because the WebAPK apps have different names and checksums on each device.
To protect against these threats, it is recommended to block websites that use WebAPK for phishing attacks.
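Because the package name and checksum change on every device, the stable indicator is the website behind each WebAPK. The following is an added example, not code from the researchers or from this article: it groups WebAPK installs by the host of their start URL and flags hosts that are not on an allowlist. It assumes a device inventory export that records each package's start URL; the row layout, hosts, hashes and allowlist are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Chrome-minted WebAPKs use this package-name prefix plus a per-install suffix.
WEBAPK_PREFIX = "org.chromium.webapk."

# Assumption: hosts the organisation expects installed web apps to come from.
ALLOWED_HOSTS = {"bank.example"}

# Constructed inventory rows: (device, package, apk_sha256, start_url).
INVENTORY = [
    ("dev-01", "org.chromium.webapk.a1b2c3", "11aa", "https://bank-update.test/login"),
    ("dev-02", "org.chromium.webapk.d4e5f6", "22bb", "https://bank-update.test/login"),
    ("dev-03", "org.chromium.webapk.0718fa", "33cc", "https://bank.example/app"),
    ("dev-03", "com.example.notes", "44dd", ""),  # ordinary app, ignored
]


def webapk_origins(rows):
    """Map start-URL host -> devices and hashes seen, for WebAPK packages only."""
    origins = defaultdict(lambda: {"devices": set(), "hashes": set()})
    for device, package, sha256, start_url in rows:
        if not package.startswith(WEBAPK_PREFIX):
            continue
        # A missing or unparseable URL becomes "" and is flagged for review.
        host = (urlsplit(start_url).hostname or "").lower()
        origins[host]["devices"].add(device)
        origins[host]["hashes"].add(sha256)
    return dict(origins)


def suspicious_hosts(rows, allowed=ALLOWED_HOSTS):
    """Hosts backing installed WebAPKs that are not on the allowlist, sorted."""
    return sorted(h for h in webapk_origins(rows) if h not in allowed)


if __name__ == "__main__":
    origins = webapk_origins(INVENTORY)
    for host in suspicious_hosts(INVENTORY):
        info = origins[host]
        print(f"{host or '<no start URL>'}: devices={sorted(info['devices'])}, "
              f"{len(info['hashes'])} distinct hashes")
```

Hash-based matching would treat the two flagged installs as unrelated; grouping by host shows one origin on two devices, which is the value to feed into a web filter or DNS blocklist.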
Additionally, cybercriminals are using specialized tools to spoof Android devices and bypass anti-fraud controls, allowing them to access compromised accounts and conduct unauthorized transactions.
To protect yourself against attacks, only download apps from official sources like the Google Play Store, avoid third-party app stores, don’t open links from text messages, and install antivirus and antimalware software on your smartphone.