Security research firm ESET has published a report on a new phishing attack in which hackers attempt to obtain banking login information, using a technique that circumvents Apple's App Store along with its gatekeeping methods and security checks.
This phishing campaign pretends to be a call from the bank, informing users that their banking app is out of date. A pop-up appears asking them to select an option, after which a phishing link is sent via SMS message. When users tap on the link, they are presented with a screen that mimics an app store installation. ESET has observed an installation screen that mimics the Google Play Store, but not the Apple App Store. ESET was unable to confirm whether this scam involves a fake Apple App Store installation screen, but the attack targets iOS users. A post on X shows what the screen looks like.
The installed app is a Progressive Web Application (PWA), which is essentially a website that appears as an app on your phone (often called a “web app”). The web app is designed to look like a banking app, and once the user enters their username, password and other information, it is sent to a server controlled by the attacker.
How to protect yourself from attacks
Progressive Web Applications themselves are nothing unusual and are generally harmless. In fact, Apple encouraged developers to build web apps before it opened up the iPhone to third-party apps and created the App Store. Even in the App Store today, many apps, especially those for financial institutions and retailers, are essentially repackaged web apps.
The attack was observed by a banking client in Czechoslovakia, and ESET has reported attacks that occurred in Georgia, Hungary and Poland. ESET has not mentioned any attacks that occurred in the US or UK.
If you're an iPhone user with a banking app, the safest way to get app updates is through the App Store. The App Store posts update notifications on your account profile, where you can install the updates. You can also check the app's entry in the App Store. Don't open links you receive in text messages.