Users being tricked into installing malicious bank account apps! Know 4 ways to stay safe
After Google Play Store launched a crackdown, cybercriminals have turned their attention elsewhere and are now exploiting WebAPKs to trick users into installing malicious apps.
Google Play Store has over 2.5 million apps for any and all tasks imaginable under the Sun. However, there have been numerous instances where Android users have downloaded apps from the Play Store and their devices got infected with malware. While Google's Play Protect screens apps before they get onto the platform, some of them can slip through. To protect its users against malware, Google recently announced measures such as the requirement of a valid D-U-N-S (Data Universal Numbering System) number to submit new apps.
This has forced cybercriminals to think of new ways of duping victims, and a recent campaign has been discovered where they forced victims into installing apps not through the Google Play Store, but through WebAPKs.
According to a report by HackerNews, security researchers at the Polish Financial Supervision Authority's Computer Security Incident Response Team (CSIRT KNF) have revealed that cybercriminals have been exploiting WebAPKs and tricking users into installing malicious apps.
How does it work?
As per the report, hackers send fake messages to victims, telling them to update the banking apps on their phones. The message also contains a link to an external website that uses WebAPK technology to install malicious apps onto the device. The fake banking app used in this campaign impersonated PKO Bank Polski, a Polish multinational bank and financial services company.
The app asked users to enter their credentials and the 2FA code, and this allowed hackers to empty the victim's bank account. The report further states that WebAPKs are particularly hard to track since they have a different package name and checksum on every device.
How do hackers exploit WebAPKs?
Like sideloading APKs, WebAPKs also allow users to install apps through the web browser. According to Google, “When a user installs a PWA from Google Chrome and a WebAPK is used, the minting server “mints” (packages) and signs an APK for the PWA.” That means the package automatically gets signed by the provider and does not trigger any security flag. Although the process takes some time, the WebAPK silently gets installed onto the device.
In a statement, CSIRT KNF said, “They are dynamically built by the Chrome engine, which makes the use of this data as Indicators of Compromise (IoC) difficult.”
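The tracking problem described above, shown as an added example that is not from the report or from CSIRT KNF: an indicator taken from one device (package name plus checksum) matches only that device, while a check on the web origin behind each WebAPK finds every install. The inventory rows, host names, checksums and the idea of comparing against a list of trusted origins are constructed assumptions, as is the `org.chromium.webapk.` package prefix used to pick out WebAPKs.

```python
from urllib.parse import urlsplit

# Assumption: package-name prefix of WebAPKs minted for Chrome.
WEBAPK_PREFIX = "org.chromium.webapk."

# Constructed indicator captured from one infected device (placeholder values).
KNOWN_BAD = {("org.chromium.webapk.a1111", "sha256:aaaa")}

# Assumption: web origins the organisation recognises as the real bank.
TRUSTED_HOSTS = {"bank.example"}

# Constructed inventory, e.g. a device-management export:
# (device, package name, checksum, start URL of the installed web app)
INVENTORY = [
    ("device-A", "org.chromium.webapk.a1111", "sha256:aaaa",
     "https://bank-update.example.net/app"),
    ("device-B", "org.chromium.webapk.b2222", "sha256:bbbb",
     "https://bank-update.example.net/app"),
    ("device-C", "org.chromium.webapk.c3333", "sha256:cccc",
     "https://bank.example/pwa"),
    ("device-D", "com.example.notes", "sha256:dddd", ""),
]


def match_by_ioc(rows):
    """Classic IoC match on (package name, checksum)."""
    return [dev for dev, pkg, sha, _url in rows if (pkg, sha) in KNOWN_BAD]


def match_by_origin(rows):
    """Flag WebAPKs whose start URL host is not a trusted origin."""
    hits = []
    for dev, pkg, _sha, url in rows:
        if not pkg.startswith(WEBAPK_PREFIX):
            continue  # ordinary app, out of scope for this check
        host = (urlsplit(url).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            hits.append((dev, host))
    return hits


if __name__ == "__main__":
    print("IoC match:   ", match_by_ioc(INVENTORY))
    print("Origin match:", match_by_origin(INVENTORY))
```

The same fake app on device-B is missed by the indicator match because its package name and checksum differ, but both installs share the origin they were built from.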
How to protect yourself against such attacks?
1. Only install apps from official sources such as the Google Play Store.
2. Never download any apps from third-party app stores.
3. Do not open any links from any of the text messages you receive. Banks never ask customers to install any app from a given link.
4. Install antivirus and antimalware software on your smartphone to keep it safe from any potential threat.