Phishing Campaign Targets Mobile Users in Czech Republic for Banking Credentials via Progressive Web Application (PWA)

The Czech Republic is currently under attack by a sophisticated phishing campaign that targets mobile users in an attempt to steal their banking account credentials. This novel scheme leverages a Progressive Web Application (PWA) to deceive users into installing malicious apps that mimic legitimate banking applications.

Security researchers at ESET have identified that the attacks are primarily aimed at customers of Československá obchodní banka (CSOB), OTP Bank in Hungary, and TBC Bank in Georgia. The phishing websites are distributed through automated voice calls, SMS messages, and social media malvertising on platforms like Facebook and Instagram.

What sets this campaign apart is the use of PWAs and WebAPKs to trick users into installing fake banking apps without triggering any warnings. Once installed, these malicious apps capture the banking credentials entered by users and send them to attacker-controlled servers.

ESET first detected instances of phishing via PWAs in November 2023, with subsequent waves observed in March and May 2024. This revelation comes on the heels of the discovery of a new variant of the Gigabud Android trojan, which spreads through phishing websites impersonating the Google Play Store or legitimate financial institutions.

As cyber threats continue to evolve, it is crucial for mobile users to remain vigilant and cautious when interacting with unfamiliar websites or apps. Stay informed and follow reputable sources for the latest updates on cybersecurity threats.