
Phishing toolkit created using Progressive Web Apps


Jun 13, 2024


A security researcher known online as mr.d0x has released a toolkit for carrying out phishing operations using Progressive Web Apps (PWAs).

PWAs are applications built with web technologies such as HTML, CSS and JavaScript that can be installed on a device and behave much like native applications. The problem, the researcher explains, is that the user interface can be manipulated to carry out phishing attacks with the aim of stealing the credentials the user enters.

When the victim accesses the website controlled by the attacker, they can click on the “Install as Microsoft application” button to download and install the app on their device. After installation, the app navigates the user to a phishing web page which presents a login form. At this point the attacker only has to collect the entered credentials and use them for other purposes.

Progressive web app phishing

Credits: mr.d0x

The researcher shared the toolkit code on GitHub to allow anyone to modify it and adapt it to their own test scenarios.

Contacted by Bleeping Computer, the researcher explained that users who do not use PWAs may be more exposed to this attack because they don't know that applications of this type should not have a URL bar. “While Chrome appears to have taken steps against this issue by periodically displaying the actual domain in the title bar, I believe people's habit of ‘checking the URL’ will make this measure less useful,” added the researcher.

Mr.d0x also noted that today almost no cybersecurity program mentions Progressive Web Apps as a phishing mechanism and that users' lack of familiarity with these applications could make the technique very effective. “I see this technique used by attackers to ask users to install software and then phishing occurs in the PWA window,” concluded mr.d0x.
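For defenders, the pattern described above (an installable app that borrows a brand name and opens without a URL bar) can be triaged from the web app manifest. The sketch below is an added example, not code from the researcher's toolkit; the brand allowlist, the sample manifest and the function names are constructed for illustration.

```javascript
// Added example: triage a web app manifest for the pattern the article describes.
// BRAND_DOMAINS is a constructed sample allowlist, not an authoritative list.
const BRAND_DOMAINS = {
  microsoft: ["microsoft.com", "office.com", "live.com", "microsoftonline.com"],
};

// Manifest display modes in which the installed window has no regular address bar.
const CHROMELESS = new Set(["standalone", "fullscreen"]);

// True when host is one of the domains or a subdomain of one.
function hostBelongsTo(host, domains) {
  return domains.some((d) => host === d || host.endsWith("." + d));
}

// manifest: parsed manifest JSON; servedFrom: URL the manifest was fetched from.
function assessManifest(manifest, servedFrom, brands = BRAND_DOMAINS) {
  const host = new URL(servedFrom).hostname.toLowerCase();
  const label = [manifest.name, manifest.short_name]
    .filter((v) => typeof v === "string")
    .join(" ")
    .toLowerCase();

  // Brand named in the app label while the origin is not one of that brand's domains.
  const impersonated = Object.keys(brands).filter(
    (brand) => label.includes(brand) && !hostBelongsTo(host, brands[brand])
  );
  // The manifest "display" member defaults to "browser" when absent.
  const chromeless = CHROMELESS.has(String(manifest.display || "browser").toLowerCase());

  return { host, chromeless, impersonated, suspicious: chromeless && impersonated.length > 0 };
}

// Constructed sample manifest and origins.
const sampleManifest = { name: "Microsoft Login", short_name: "Microsoft", display: "standalone", start_url: "/" };

function demo() {
  return [
    assessManifest(sampleManifest, "https://login-portal.example/manifest.json"),
    assessManifest(sampleManifest, "https://www.office.com/manifest.json"),
    assessManifest({ name: "Microsoft Login", display: "browser" }, "https://login-portal.example/manifest.json"),
  ];
}

console.log(JSON.stringify(demo(), null, 2));
```

Only the first case is flagged: the same manifest served from an allowlisted domain, or one that opens in a normal browser tab with its address bar, is not.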


