Date: 2023-07-17

Threat actors have exploited Android’s WebAPK technology to lure unsuspecting users into installing malicious apps. Victims received SMS messages instructing them to update a mobile banking application, and the included link would install malicious software instead.

The malware mimics the application of PKO Bank Polski, a bank and financial services company based in Warsaw, Poland.

Android’s WebAPK service is designed to let users install progressive web apps (PWAs) directly from the internet, bypassing the Google Play Store. Trusted providers sign the APK before installation, so the phone accepts the application without disabling security measures. The fake banking app immediately asks users to enter their two-factor authentication credentials and gains access to their accounts. To mitigate risk, users can block websites that use the WebAPK mechanism.

