Video
ESET Research’s latest discovery about the use of Progressive Web Apps (PWA) for phishing may challenge some users’ perceptions of their platform’s security.
23 Aug 2024
ESET researchers have recently uncovered a unique type of phishing campaign using Progressive Web Apps (PWAs) that targeted customers of a well-known Czech bank.
The used technique launched a phishing application from a third-party website without requiring the user to permit third-party app installation. This was possible because PWAs are essentially websites bundled into what resembles a standalone app, made more interactive by the use of native system prompts.
For iOS users, these activities might undermine their perceptions of their platform’s security. On Android, it could lead to the silent installation of a particular kind of APK that even seems to be installed from the Google Play store.
Discover more details in Tony’s recent video.