Malicious Android apps deployed via WebAPK exploitation

Android users have been lured to install malicious web apps through the exploitation of the platform's WebAPK technology, according to The Hacker News. SMS phishing messages prompting the installation of a fake version of PKO Bank Polski's mobile banking app have been leveraged by attackers to facilitate their operations, with the link in the message redirecting to a site using WebAPK to enable the installation of the malicious app, a report from CSIRT KNF revealed. Attackers then exfiltrate credentials and two-factor authentication tokens they ask from users that have installed the fraudulent banking app. Such abuse of WebAPK technology has been detailed after Resecurity reported on the increasing use of specialized device spoofing tools in attacks aimed at Android devices. "Cybercriminals use these tools to access compromised accounts and impersonate legitimate customers by exploiting stolen cookie files, impersonating hyper-granular device identifiers, and utilizing fraud victims' unique network settings," said Resecurity.