the tech boomer

Helping you navigate the world of tech without having to call your grandkids


Hackers Exploiting PWAs to Impersonate Banking Apps and Steal Passwords

People are being tricked into installing PWAs that will steal their passwords.

Understanding PWAs

Progressive Web Apps (PWAs) are designed to look and function like any other app you might download from the Apple App Store or Google Play Store. However, they differ in their construction. Essentially, a PWA is a website that has been packaged to behave like a normal app. Many people unknowingly have PWAs installed on their devices.

Popular Examples of PWAs

  • Starbucks
  • Pinterest
  • Uber
  • Spotify

The Potential Risk of PWAs

While PWAs are legitimate and widely used by reputable companies, their structure allows them to be exploited by cybercriminals.

How Hackers Exploit PWAs

A common tactic used by hackers involves sending a text message or email that appears to be from your bank. The message claims that your current banking app is obsolete and prompts you to install a new version from a provided link. Trusting that Apple and Google rigorously screen apps in their stores for malware, you may feel safe and proceed to download and install the app.

Once installed, the app will ask for your login credentials. After entering your information, the app may display a message such as “All servers are busy right now, please try later.” But you have just unknowingly sent your banking credentials to a hacker.

How PWAs Bypass Phone Security

Apple and Android devices have security measures that restrict where apps can be installed from. While they both allow third-party apps, explicit permission must be given.

However, because PWAs are essentially websites disguised as apps, your phone may not recognize them as traditional apps, allowing them to be installed from any source. The “App Store” you visited could be entirely fake, along with the app itself, making it easy for hackers to steal your information.
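
For readers who want to see the mechanics: a PWA describes itself through a small JSON file called a web app manifest (background that is not in the article above), and the app name in that file is whatever the site's author types. The added example below, which is not from the article, flags a manifest that claims a bank's name while being served from a domain the bank does not own; the brand list, domains and sample manifest are constructed.

```javascript
// Added example. Every brand, domain and manifest value here is constructed.
// Hypothetical allowlist: brand text a manifest might claim -> domains that brand owns.
const OFFICIAL_DOMAINS = { "example bank": ["examplebank.test"] };

// True when host is the domain itself or a genuine subdomain of it.
// A lookalike such as "examplebank.test.app-update.example" does NOT pass,
// because the registered domain there is "app-update.example".
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// manifest: the parsed manifest JSON; pageUrl: the page that offered the install.
function checkPwaManifest(manifest, pageUrl) {
  const page = new URL(pageUrl);
  const reasons = [];
  // The displayed app name comes from these two self-declared fields.
  const claimed = `${manifest.name || ""} ${manifest.short_name || ""}`.toLowerCase();

  for (const [brand, domains] of Object.entries(OFFICIAL_DOMAINS)) {
    if (!claimed.includes(brand)) continue;
    if (!domains.some((d) => hostBelongsTo(page.hostname, d))) {
      reasons.push(`claims "${brand}" but is served from ${page.hostname}`);
    }
  }
  // "standalone" and "fullscreen" open the installed app without the browser's
  // address bar. Legitimate PWAs do this too, so it only counts with a mismatch.
  if (reasons.length > 0 && ["standalone", "fullscreen"].includes(manifest.display)) {
    reasons.push("opens without an address bar, hiding the real site name");
  }
  return { suspicious: reasons.length > 0, reasons };
}

// Constructed manifest, as a fake "update your banking app" page might serve it.
const SAMPLE_MANIFEST = {
  name: "Example Bank Mobile",
  short_name: "Example Bank",
  display: "standalone",
  start_url: "/login",
};

console.log(checkPwaManifest(SAMPLE_MANIFEST, "https://examplebank.test.app-update.example/store/"));
console.log(checkPwaManifest(SAMPLE_MANIFEST, "https://m.examplebank.test/app/"));
```

The same manifest is flagged on the lookalike domain and passes on the bank's own subdomain, which is why the web address, not the app name or icon, is the thing to check.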

Protecting Yourself

  1. Be Skeptical of Installation Requests: Never trust a text or email asking you to install anything, even if it appears legitimate. If you believe the message might be authentic, manually check your phone’s app store for updates.  
  2. Enable 2-Factor Authentication (2FA): Also known as Multi-Factor Authentication (MFA), 2FA adds an additional layer of security by requiring you to verify your identity through another method, typically via text message. More information on 2FA can be found here.

These precautions offer substantial protection, but remain vigilant. Even 2FA can be bypassed if you’re not careful. Learn more about potential 2FA vulnerabilities here.

In Conclusion

Progressive Web Apps (PWAs) are a legitimate way for companies to distribute apps, and you may already have several on your device. However, the same structure that makes them convenient can also be exploited by hackers. To protect yourself, be cautious about installing apps from unsolicited messages and always use 2FA on sensitive accounts.

As always, if you have a question about this or any other post, please leave a comment below, or you can email me at larry@thetechboomer.com.
