Novel technique allows malicious apps to escape iOS and Android guardrails

Phishers have found a way to bypass safeguards on mobile phone operating systems Android and iOS, tricking users into downloading malicious apps that look exactly like their banking apps. Once downloaded, the apps obtain the user’s banking information and send it to the attackers. The apps are installed directly and bypass warnings about unknown apps due to the use of Progressive Web Apps and WebAPKs. It has mostly targeted users in Czechia, less so Hungary and Georgia and two threat groups have been identified.