Stay Alert While Installing Apps

Understanding the modus operandi of misusing PWAs and WebAPKs by cyber fraudsters is of utmost importance to remain safe.

STC Monitoring Desk
December 30 (STC): In the fast-growing advanced technology landscape, cybercriminals are always ready with their innovations to rob gullible technology-users of their identity and funds. If the progressive web apps (PWAs) and web application packages (WebAPKs) are proving powerful technology tools to link web and mobile applications, the cybercriminals are already on the job to exploit this link to target users with nefarious designs.
What are progressive web apps (PWAs)?
These apps combine best features of web and mobile apps, such as responsiveness, offline capabilities, and push notifications. Acting as a cross-platform, PWAs can be installed directly from the browser. These bypass app stores and don’t need any vetting.
What are web application packages (WebAPKs)?
These application packages extend PWAs further ahead. They actually package a PWA into an APK (Android package kit), to enable its function as a native Android app. PWAs are allowed by these app packages to get integrated into the Android ecosystem, complete with app icons, notifications, and access to certain device features.
However, understanding the modus operandi of misusing PWAs and WebAPKs by cyber fraudsters is of utmost importance to remain safe.
How the fraudsters mislead users? In this regard, IT experts, having expertise in cyber security, shared following information with Straight Talk Communications:
Malware Delivery: Fraudsters taking advantage of WebAPKs bypassing traditional app stores distribute malware or spyware disguised as helpful tools or entertainment apps.
Imitated Apps: Cyber fraudsters have the ability to create malicious PWAs or WebAPKs just resembling actual applications. They trick users into installing these fake applications and rob them of their identity and funds.
Misusing Push Notification: Since PWAs and WebAPKs have push notification feature, cybercriminals use this feature to push phishing messages, malicious links, or fraudulent offers to trap users into sharing personal data. Even the users are lured to install harmful software.
Fake Domains: Cybercriminals create fake domains that closely resemble the trusted brands. This way they deceive users and make them to share their credentials. Once the fraudsters extract their credentials, they lay hand on their bank accounts and rob them of their money.
How to safeguard from malicious PWAs and WebAPKs?
It is challenging for users to distinguish between genuine and malicious applications. However, the risks can be mitigated. The user has to show proactive approach to cybersecurity guidelines.
Here are a few suggestions shared by cybersecurity experts with Straight Talk Communications:
•⁠ ⁠Users need to be cautious when installing PWAs or WebAPKs from unknown sources. They should stick to trusted and verified websites. It is important for them to familiarise themselves with the authentic web URLs and branding of apps that they use frequently to identify potential spoofing attempts.
•⁠ ⁠Use PWA with HTTPS. A secure connection is indicated by a padlock icon in the browser’s address bar. Avoid entering sensitive information on PWAs hosted on HTTP-only domains.
•⁠ ⁠Browsers like Chrome and Firefox include features to detect and block malicious websites and PWAs. Enable these protections. Also, use ad blockers or anti-phishing extensions to filter out malicious ads and pop-ups that might lead to fake PWAs.
•⁠ ⁠Cross-check the source of a PWA or WebAPK before installation. Use app stores when possible, as they offer an additional layer of security.
•⁠ ⁠Be wary of PWAs or WebAPKs requesting unnecessary permissions, such as access to contacts, messages, or locations.
•⁠ ⁠Always update your devices, operating systems (OS), apps and browsers to benefit from the latest security patches. And use robust antivirus and anti-malware solutions to detect and block malicious applications.(STC)