Hackers Exploit WEBAPK To Install Malware On Android Devices

VTA-00446 – Hackers Exploit WEBAPK To Install Malware On Android Devices

According to recent research, Android devices are the target of a new and sophisticated attack that abuses WebAPK technology. Through smishing attempts, the threat actors convince the victim to install malicious web apps by impersonating trustworthy banking providers. The threat actors first send the targeted victims SMS messages urging them to click a link in the message to update their banking application. The URL in the message redirects the user to a website that employs WebAPK technology, from which the malicious software is downloaded.

WebAPK is a technique that enables web applications to be installed and used much like native Android apps. It allows web applications to be installed directly from the browser without going through the Google Play Store. After installation, the application presents itself as a banking application and asks for the user's credentials. This technique poses a major hazard because it can install a malicious application without displaying the standard warnings associated with installs from untrusted sources. Because the application is signed with the Google Chrome certificate, it appears in the system settings as installed by Google Play Protect. Since WebAPK applications receive unique package names and checksums on each device, defending against such attacks is challenging.

Severity:
Medium

Attack Surfaces:
Mobile Application, Mobile OS, Web Application, Web Browser

Tactics:
Credential Access, Execution, Lateral Movement, Persistence, Privilege Escalation

Techniques:
T1176 – Browser Extensions,
T1106 – Native API,
T1104 – Multi-Stage Channels,
T1088 – Bypass User Account Control,
T1111 – Two-Factor Authentication

References:
1. https://www.linkedin.com/pulse/using-webapk-technology-phishing-attacks-csirt-knf/
2. https://cybersecuritynews.com/hackers-use-webapk-malware/

SuperPRO’s Threat Countermeasures Procedures: 
1. Detect and block websites that use the WebAPK mechanism.
2. On Android devices, ensure that Google Play Protect is enabled.
3. Exercise caution when granting permissions to applications.
4. Regularly update your devices, operating systems, and applications to the latest versions.
5. Secure your banking information by following best practices for data security. Use strong, unique passwords and consider using a password manager.
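As an added defender-side example (not part of the advisory and not code from its referenced sources), the script below helps with the inventory problem the description raises: because every WebAPK gets a unique package name and checksum per device, a blocklist of names is useless, but the packages can still be enumerated by their shared naming convention. It parses the output of `adb shell pm list packages -i` (which prints one `package:<name>  installer=<installer>` line per installed package) and reports every package carrying the `org.chromium.webapk.` prefix that Chrome uses for minted WebAPKs. That prefix is a Chromium convention and is an assumption as far as this advisory goes; the sample output lines are constructed, not captured from a real device.

```python
# Added example (not from the advisory): triage `adb shell pm list packages -i`
# output to enumerate WebAPK packages present on an Android device.
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumption: Chrome-minted WebAPKs use this package-name prefix followed by a
# per-device hash, which is why the advisory notes that names differ per device.
WEBAPK_PREFIX = "org.chromium.webapk."

# `pm list packages -i` prints one line per package:
#   package:<name>  installer=<installer package, or null when unknown>
PM_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


@dataclass(frozen=True)
class InstalledPackage:
    name: str
    installer: str  # "null" when the package manager has no installer record


@dataclass(frozen=True)
class Finding:
    package: str
    installer: str
    note: str


def parse_pm_list(output: str) -> List[InstalledPackage]:
    """Parse pm output into records; lines that do not match the format are skipped."""
    packages = []
    for line in output.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            packages.append(InstalledPackage(m["pkg"], m["installer"]))
    return packages


def find_webapks(packages: Iterable[InstalledPackage]) -> List[Finding]:
    """Return every package whose name carries the WebAPK prefix.

    The hash suffix says nothing about which site minted the package, so the
    finding records the installer and leaves attribution to a follow-up
    `adb shell dumpsys package <name>` on the device.
    """
    findings = []
    for p in packages:
        if p.name.startswith(WEBAPK_PREFIX):
            note = ("installer unknown; review manually" if p.installer == "null"
                    else f"installed via {p.installer}")
            findings.append(Finding(p.name, p.installer, note))
    return sorted(findings, key=lambda f: f.package)


# Constructed sample of `adb shell pm list packages -i` output (not real device data).
SAMPLE_PM_OUTPUT = """\
package:com.android.vending  installer=null
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:org.chromium.webapk.a1b2c3d4e5f6a7b8  installer=com.android.chrome
package:org.chromium.webapk.0f9e8d7c6b5a4f3e  installer=null
"""


def triage_sample() -> List[Finding]:
    """Run the check over the constructed sample; a real run would feed adb output instead."""
    return find_webapks(parse_pm_list(SAMPLE_PM_OUTPUT))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.package}  installer={f.installer}  ({f.note})")
```

On a real device, pipe `adb shell pm list packages -i` into `parse_pm_list` instead of the sample text; any `org.chromium.webapk.*` package the user does not recognise as a site they deliberately installed is worth removing or inspecting further, which complements countermeasure 2 (Play Protect) rather than replacing it.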

Contributed by:  Varrumen
