Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Beware of Phishing Attacks Using Progressive Web Apps to Steal Logins
A new phishing technique has emerged that cyber criminals are using to steal login credentials from unsuspecting victims. This method involves creating malicious progressive web apps (PWAs) that display fake login forms mimicking well-known brands or services. These PWAs can be installed on a user’s device, making them appear as legitimate applications.
What are Progressive Web Apps (PWAs)?
PWAs are web-based applications built using HTML, CSS, and JavaScript. They function like native mobile apps but can be accessed through a web browser and installed on a user’s device. Popular websites like Twitter, Instagram, and Facebook use PWAs to provide a seamless app-like experience to their users.
How the PWA Phishing Attack Works
Cyber criminals are now creating PWAs with convincing corporate login forms to phish for user credentials. These fake PWAs may prompt visitors to “install the app” on their devices. Once installed, the PWA launches and displays a fake login screen, often with a spoofed URL in the address bar to appear more legitimate.
To lure victims into installing the malicious PWA, attackers may:
- Create websites promoting fake software or remote management tools with a button to “install” the app.
- Distribute links or advertisements tricking users into installing the PWA.
- Send phishing emails with malicious links to the fake PWA installer.
If a user enters their login credentials into the fake form, the information is sent directly to the attacker.
Protecting Yourself from PWA Phishing Attacks
To avoid falling victim to these attacks, exercise caution when prompted to install any application or PWA, especially from unfamiliar sources.
Here are some tips to stay safe:
- Be wary of unsolicited prompts or links asking you to install apps or PWAs, even if they appear to be from a legitimate source.
- Verify the legitimacy of any software or app before installing it, especially if it requires login credentials.
- Check the URL in the address bar carefully. Legitimate websites will not have a fake URL displayed.
- Keep your operating system, web browsers, and security software up-to-date to benefit from the latest security patches.
- Enable two-factor or multi-factor authentication whenever possible to add an extra layer of security for your accounts.
If you suspect you may have fallen victim to a PWA phishing attack, immediately change the passwords for any accounts potentially compromised and enable additional security measures like two-factor authentication. It’s also advisable to monitor your accounts for any suspicious activity and report the incident to the relevant authorities.
While PWA phishing attacks may be more sophisticated, exercising caution and following best practices for online security can help protect you from falling victim to these scams.
Additional information available at:
- https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials
- https://alluresecurity.com/phishing-kits-targeting-regional-banks-and-credit-unions
- https://mrd0x.com/progressive-web-apps-pwa-phishing
- https://infosecdefence.com/blogdetails/PWAs-exploited-using-Phishing-toolkit#:~:text=A%20newly%20released%20phishing%20kit,website%20like%20regular%20desktop%20applications.
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…