Progressive Web Apps (PWAs) are websites designed to look and feel like native apps, which can be installed on devices without users realizing they are third-party applications.
ESET researchers have discovered that cybercriminals are exploiting this by creating fake banking PWAs to target iOS and Android users. These attackers use automated calls, SMS, and malicious ads to trick victims into installing these apps. Once installed, these phishing apps are nearly identical to legitimate banking apps, making them difficult to detect. ESET has identified attacks targeting banks in the Czech Republic, Hungary, and Georgia, and warns that more such fraudulent apps are likely to emerge.