Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps
Jul 17, 2023
Mobile Security / Malware
Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week. "The link contained in the message led to a site that used WebAPK technology to install a malicious application on the victim's device." The application impersonates PKO Bank Polski, a multinational banking and financial services company headquartered in Warsaw. Details of the campaign were first shared by Polish cybersecurity firm RIFFSEC. WebAPK allows users to install progressive web apps (PWAs) to their home screen on Android devices without having to use the Google Play Store. "When a user installs a PWA from Google Chrome and a WebAPK is used, the minti