New phishing method targets Android and iPhone users

ESET researchers found an unusual phishing campaign that installs a rogue app from a third party site without needing user permission for third-party app installations. The phishing websites instructed victims to add a Progressive Web Application (PWA) to their home screens. These PWAs, which function like standalone apps, were mostly indistinguishable from legitimate banking apps on both iOS and Android operating systems. This technique targets users of both mobile platforms.