Cybersecurity researchers have recently identified a new campaign that uses malicious JavaScript injections to redirect mobile site visitors to a Chinese adult-content Progressive Web App (PWA) scam. The delivery method is unique: it aims to keep users on the malicious landing page by presenting it as a full-fledged PWA, potentially bypassing basic browser protections. The campaign specifically targets mobile users and filters out desktop users; it is classified as a client-side attack that activates only on mobile devices.
The use of PWAs in this campaign is a strategic move to imitate the user experience of native apps while evading security measures. PWAs are web-based applications that offer a similar experience to platform-specific apps like those designed for Windows, Android, or iOS. By injecting websites with JavaScript code, the attackers trigger redirections on Android, iOS, and iPadOS devices, leading users to adult content sites or intermediary pages promoting adult content viewing apps. Subsequently, victims are directed to fake app store listings for Android and iOS apps related to adult content.
According to researcher Himanshu Anand, the adoption of PWAs in these attacks indicates a shift towards more persistent phishing techniques. By focusing solely on mobile users, the attackers are able to evade detection mechanisms, posing a significant threat to unsuspecting individuals. This campaign underscores the importance of staying vigilant while browsing online and being cautious of unexpected redirects or prompts to download apps.
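As an added example (not taken from the researchers' report or from this article), the following JavaScript shows one way a site owner could audit a page's markup for the two signs described above: a script loaded from a host the site does not expect, and inline code that checks for a mobile device and then navigates away. The allowlist, host names and sample HTML are constructed for illustration, and the regular expressions are heuristics, not signatures of this campaign.

```javascript
// Added example: audit a page's <script> tags for signs of an injected,
// mobile-gated redirect. Allowlist and sample HTML are constructed.
const ALLOWED_HOSTS = new Set(["www.example.com", "cdn.example.com"]);

// Heuristics: inline code that inspects the device AND assigns a new location.
const MOBILE_CHECK = /navigator\.(userAgent|platform|maxTouchPoints)|Android|iPhone|iPad/i;
const NAVIGATION = /\blocation(\.href)?\s*=(?!=)|\blocation\.(replace|assign)\s*\(/i;

// Constructed sample page: two expected scripts, one unexpected external
// script, one inline mobile-gated redirect, one harmless inline script.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//injected.invalid/loader.js"></script>
<script>if (/Android|iPhone|iPad/i.test(navigator.userAgent)) { window.location.href = "https://landing.invalid/"; }</script>
<script>console.log(navigator.userAgent);</script>
</head></html>`;

function auditScripts(html, pageOrigin) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      // Resolve relative and protocol-relative URLs against the page origin.
      let host = null;
      try { host = new URL(src[1], pageOrigin).hostname; } catch { host = null; }
      if (host === null || !ALLOWED_HOSTS.has(host)) {
        findings.push({ type: "unexpected-script-host", detail: src[1] });
      }
    } else if (MOBILE_CHECK.test(body) && NAVIGATION.test(body)) {
      findings.push({ type: "mobile-gated-redirect", detail: body.trim().slice(0, 80) });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://www.example.com/"));
```

Because the redirect only fires on mobile devices, a check like this should be run against the markup actually served to visitors rather than relying on what a desktop browser session shows.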
