Video
Phishing with PWAs? ESET Research’s latest discovery could well shatter some users’ assumptions about the security of their preferred platform
August 23, 2024
ESET researchers recently revealed an unusual type of phishing campaign using Progressive Web Apps (PWAs) that targeted the customers of a leading Czech bank.
The technique used installed a phishing application from a third-party website without requiring the user to allow the installation of third-party apps. This is because PWAs are simply websites bundled into what feels like a standalone app, enhanced by the use of native system prompts.
For iOS users, such an action could shatter their assumptions about the security of their platform. On Android, this can result in the silent installation of a special kind of APK, which appears to be installed even from the Google Play Store.
Read more in Tony’s latest video.