 ๐—œ๐—ป ๐—ฎ ๐˜๐—ฟ๐—ผ๐˜‚๐—ฏ๐—น๐—ถ๐—ป๐—ด ๐—ฑ๐—ฒ๐˜ƒ๐—ฒ๐—น๐—ผ๐—ฝ๐—บ๐—ฒ๐—ป๐˜, ๐—ฐ๐˜†๐—ฏ๐—ฒ๐—ฟ๐—ฐ๐—ฟ๐—ถ๐—บ๐—ถ๐—ป๐—ฎ๐—น๐˜€ ๐—ต๐—ฎ๐˜ƒ๐—ฒ ๐—ฏ๐—ฒ๐—ด๐˜‚๐—ป ๐˜‚๐˜€๐—ถ๐—ป๐—ด ๐—ฝ๐—ฟ๐—ผ๐—ด๐—ฟ๐—ฒ๐˜€๐˜€๐—ถ๐˜ƒ๐—ฒ ๐˜„๐—ฒ๐—ฏ ๐—ฎ๐—ฝ๐—ฝ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป๐˜€ (๐—ฃ๐—ช๐—”๐˜€) ๐˜๐—ผ ๐—ถ๐—บ๐—ฝ๐—ฒ๐—ฟ๐˜€๐—ผ๐—ป๐—ฎ๐˜๐—ฒ ๐—ฏ๐—ฎ๐—ป๐—ธ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฝ๐—ฝ๐˜€ ๐—ฎ๐—ป๐—ฑ ๐˜€๐˜๐—ฒ๐—ฎ๐—น ๐—ฐ๐—ฟ๐—ฒ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น๐˜€ ๐—ณ๐—ฟ๐—ผ๐—บ ๐˜‚๐—ป๐˜€๐˜‚๐˜€๐—ฝ๐—ฒ๐—ฐ๐˜๐—ถ๐—ป๐—ด ๐—”๐—ป๐—ฑ๐—ฟ๐—ผ๐—ถ๐—ฑ ๐—ฎ๐—ป๐—ฑ ๐—ถ๐—ข๐—ฆ ๐˜‚๐˜€๐—ฒ๐—ฟ๐˜€. These PWAs, which users can install directly from their browsers, mimic the look and feel of legitimate apps while secretly harvesting sensitive data. The challenge here is that PWAs can bypass typical app installation safeguards, making it easier for threat actors to trick users into granting risky permissions without triggering the usual security warnings.

This technique, first spotted in Poland in July 2023, has since spread to other countries, including the Czech Republic, Hungary, and Georgia. For users, the main pain point is the growing difficulty in distinguishing between genuine apps and cleverly disguised phishing tools. The implications are severe—unauthorized access to financial accounts can lead to significant financial losses and long-lasting damage to trust in digital banking.

To protect against this evolving threat, users should be cautious about installing apps directly from web browsers, even if they appear legitimate. Stick to downloading apps only from official app stores, where security checks are more stringent. Financial institutions must also educate their customers about the risks of PWAs and invest in developing stronger detection mechanisms to flag suspicious activity. Additionally, enabling multi-factor authentication (MFA) on banking accounts can provide an extra layer of security, making it harder for attackers to gain access even if credentials are compromised. By staying vigilant and adopting these best practices, both users and institutions can reduce the risk of falling victim to these sophisticated phishing campaigns.