Hackers tricking Android users into installing harmful apps via bank texts

When attempting to infect Android phones with malware, hackers typically trick users into installing a malicious app by sideloading an APK (Android Package Kit) file. However, a new technique has emerged that is even simpler for hackers to execute, as it eliminates the need for users to sideload the malicious app.

As per a report by The Hacker News, security researchers from the Polish Financial Supervision Authority’s Computer Security Incident Response Team (CSIRT KNF) uncovered a recent campaign. In this campaign, cybercriminals send text messages to banking customers, claiming they need to update their mobile banking app.

In addition to the instructions, these messages include a link for users to update their app. However, instead of directing them to the trusted Play Store or another official Android app store, the link exploits WebAPK technology to install a malicious app onto their smartphone.

Here’s how hackers might trick Android users

WebAPK is a technology that allows Android users to install progressive web apps (PWAs) on their device’s home screen without going through the Google Play Store. Google’s documentation explains that when a user installs a PWA using WebAPK, a process called “minting” occurs. This process involves the creation and signing of an APK for the PWA.

After the minting process is complete, the browser automatically installs the app on the user’s device without any notifications or prompts. Since the APK is signed by trusted providers, the phone installs it without compromising security, treating it like any app from an official store. This means there’s no need for users to manually sideload the app.

In the case of a reported fake banking app called “org.chromium.webapk.a798467883c056fed_v2,” once the malicious app is successfully installed, it tricks users into providing their login credentials and two-factor authentication (2FA) tokens. This deceitful action ultimately results in the theft of their personal information.

It should be noted that to protect against such threats, it is advised to block websites that exploit the WebAPK mechanism for phishing attacks.

Stay connected with us on social media platform for instant update click here to join our T witter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.