Hackers Target Bank Customers with Fake App Updates via WebAPKs
Google Play Store has taken steps to safeguard users from malware by requiring a valid D-U-N-S number for new app submissions. However, cybercriminals have devised a new method to deceive users into installing malicious apps through WebAPKs, bypassing the Play Store’s security measures. Recently, security researchers discovered a campaign exploiting WebAPKs to trick victims. Hackers send fake messages, posing as banks, prompting users to update their banking apps. The links provided in these messages lead to websites that install malicious apps on users’ phones, enabling hackers to steal sensitive information, such as login credentials and 2FA codes, ultimately accessing and stealing money from their bank accounts. The malicious apps utilizing WebAPK technology are challenging to track because they appear with different names and codes on each device. These cybercriminals exploit Android’s WebAPK technology to manipulate people into installing deceptive web apps thr...