Home Internet, Software & Apps Hackers tricking Android users into installing harmful apps via bank texts

Hackers tricking Android users into installing harmful apps via bank texts

To protect against such threats, it is advised to block websites that exploit the WebAPK mechanism for phishing attacks.

By Vivek Singh Chauhan -

Published On: July 18, 2023

Highlights

Hackers are using WebAPK to trick Android users into unknowingly installing harmful apps.
Cybercriminals send text messages to banking customers, claiming they need to update their mobile banking app.
WebAPK enables Android users to install progressive web apps (PWAs) directly on their home screen without using the Play Store.

Tech giant Google is taking steps to enhance the security of its Play Store against malware by introducing new requirements for developers. However, in response, hackers have shifted their tactics and are exploiting Android's WebAPK technology to deceive users into unknowingly installing harmful apps. Here's how.

Show Full Article

When attempting to infect Android phones with malware, hackers typically trick users into installing a malicious app by sideloading an APK (Android Package Kit) file. However, a new technique has emerged that is even simpler for hackers to execute, as it eliminates the need for users to sideload the malicious app.

As per a report by The Hacker News, security researchers from the Polish Financial Supervision Authority's Computer Security Incident Response Team (CSIRT KNF) uncovered a recent campaign. In this campaign, cybercriminals send text messages to banking customers, claiming they need to update their mobile banking app.

In addition to the instructions, these messages include a link for users to update their app. However, instead of directing them to the trusted Play Store or another official Android app store, the link exploits WebAPK technology to install a malicious app onto their smartphone.

Here's how hackers might trick Android users

WebAPK is a technology that allows Android users to install progressive web apps (PWAs) on their device's home screen without going through the Google Play Store. Google's documentation explains that when a user installs a PWA using WebAPK, a process called "minting" occurs. This process involves the creation and signing of an APK for the PWA.

After the minting process is complete, the browser automatically installs the app on the user's device without any notifications or prompts. Since the APK is signed by trusted providers, the phone installs it without compromising security, treating it like any app from an official store. This means there's no need for users to manually sideload the app.

In the case of a reported fake banking app called "org.chromium.webapk.a798467883c056fed_v2," once the malicious app is successfully installed, it tricks users into providing their login credentials and two-factor authentication (2FA) tokens. This deceitful action ultimately results in the theft of their personal information.

It should be noted that to protect against such threats, it is advised to block websites that exploit the WebAPK mechanism for phishing attacks.

Join 91mobiles WhatsApp Channel