Hackers Use WebAPK to Install Malware as Native Application on Android Device
A recent analysis describes a new, sophisticated attack that abuses WebAPK technology to target Android devices.
The threat actors trick the user into installing a malicious WebAPK through a smishing (SMS phishing) campaign that impersonates legitimate banking sources.
The CSIRT KNF team performed an in-depth analysis of a domain reported by RIFFSEC and published its findings in its latest article.
Malware as Native Application
Initially, the threat actors send SMS messages to the targeted victims suggesting that they update their banking application by clicking the link.
The link embedded in the message redirects the user to a site that uses WebAPK technology to deliver the malicious application.
WebAPK is a technology that allows web applications to be installed and run like native Android apps.
WebAPK permits the installation of web applications directly from the browser, without going through the Google Play Store.
Once installed, the application looks like a banking application and asks the user for credentials to log in.
The attack poses a serious threat because the malicious application is installed without the usual warnings shown for installations from untrusted sources (the "unknown sources" / sideloading prompts).
According to the analysis, the application is signed with the Google Chrome certificate, which is why it appears in the system settings as having been installed by Google Play Protect.
The analysis also notes that WebAPK applications generate unique package names and checksums on each device, making such attacks difficult to defend against.
Indicators of Compromise (IoCs) are therefore difficult to make use of, because the Chrome engine builds the APK dynamically.
Recommendations:
Detection of such applications by antivirus programs is difficult and often practically impossible.
For that reason, one of the most effective ways to prevent the attack
is to detect and block websites that use the WebAPK mechanism to carry out phishing attacks.
The researchers recommend an approach focused on identifying and blocking these sites to minimize the risk to users.
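Blocking the phishing sites is the preventive control; a responder who already has a suspect device in hand also wants a device-side check. The following script is an added example and is not code from CSIRT KNF, RIFFSEC or cybersecuritynews.com. It parses the output of `adb shell pm list packages -i` to inventory installed WebAPKs and then compares pulled APK files against the hashes published below. It assumes the documented Chromium behaviour that Chrome-minted WebAPKs carry package names prefixed `org.chromium.webapk.` followed by a hash-derived suffix; the inventory lines and APK bytes used as input are constructed for the example.

```python
"""Device-side triage for WebAPK-based phishing (added example, not the
original article's code).

Assumptions, labelled: Chrome-minted WebAPKs use package names beginning with
org.chromium.webapk. (Chromium behaviour); `pm list packages -i` prints one
line per package in the form "package:<name>  installer=<installer>". The
sample inventory and APK bytes below are constructed.
"""
import hashlib
import re
from dataclasses import dataclass

WEBAPK_PREFIX = "org.chromium.webapk."

# IoC hashes as published in the article (lower-case hex).
IOC_HASHES = {
    "ae12fd46fe868dc4384db26e6f745cce",
    "1c24f4398caae9179028b5415ed980f0ad18f4a7",
    "113be611bcb64b04dfaca2481d8108e94ff41a56fb81f8aef190d4161acd983d",
    "6504436573451911f10b2be6ad7d560c",
    "0fa9a1b93dac4cc5a0a88d08f6949dc11e5275b0",
    "fe71ef0d9897374f009d3c930c3eac31f523a29d42ad4898f366b1f220769bd1",
}

# Constructed sample of `adb shell pm list packages -i` output.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:org.chromium.webapk.a1b2c3d4e5f60718  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:org.chromium.webapk.ffee0011aabbccdd  installer=null
"""

PM_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


@dataclass(frozen=True)
class Package:
    name: str
    installer: str


def parse_pm_output(text: str) -> list[Package]:
    """Parse `pm list packages -i` lines; lines that do not match are skipped."""
    packages = []
    for line in text.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            packages.append(Package(m.group("pkg"), m.group("installer")))
    return packages


def find_webapks(packages: list[Package]) -> list[Package]:
    """Every WebAPK is a follow-up candidate: the installer field says
    com.android.vending (Google Play), so the usual sideload signal is absent."""
    return [p for p in packages if p.name.startswith(WEBAPK_PREFIX)]


def hash_apk(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 of an APK pulled with `adb pull`, in that order."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_ioc(data: bytes, iocs: set[str] = IOC_HASHES):
    """Return (algorithm, digest) of the first published hash that matches,
    or None. Because the WebAPK is minted per device, a miss here does NOT
    clear the package; the inventory from find_webapks() is the stronger signal."""
    for alg, digest in hash_apk(data).items():
        if digest in iocs:
            return alg, digest
    return None


if __name__ == "__main__":
    for pkg in find_webapks(parse_pm_output(SAMPLE_PM_OUTPUT)):
        print(f"WebAPK found: {pkg.name} (installer={pkg.installer})")
        print(f"  next: adb shell pm path {pkg.name} && adb pull <path> && hash it")
    print("IoC match on constructed bytes:", match_ioc(b"constructed apk bytes"))
```

In practice the next step after the inventory is `adb shell pm path <package>` followed by `adb pull`, then inspecting the pulled APK's start URL in its manifest to confirm which site minted it; that URL, rather than the hash, is what feeds the site-blocking recommendation above.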
Hashes
Sample 1
MD5: ae12fd46fe868dc4384db26e6f745cce
SHA1: 1c24f4398caae9179028b5415ed980f0ad18f4a7
SHA256: 113be611bcb64b04dfaca2481d8108e94ff41a56fb81f8aef190d4161acd983d
Sample 2
MD5: 6504436573451911f10b2be6ad7d560c
SHA1: 0fa9a1b93dac4cc5a0a88d08f6949dc11e5275b0
SHA256: fe71ef0d9897374f009d3c930c3eac31f523a29d42ad4898f366b1f220769bd1
Source credit : cybersecuritynews.com