
PWA Phishing Attacks Targeting Mobile Banking: The Next Generation Cyber Threat
REMEDIATION
T1660 Phishing
| ID | Data Source | Data Component | Detects |
| | | | Mobile security products may provide URL inspection services that could determine if a domain being visited is malicious. |
| | | | Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise. |
T1417.002 Input Capture: GUI Input Capture
| ID | Data Source | Data Component | Detects |
| | | | Application vetting services can look for applications requesting the android.permission.SYSTEM_ALERT_WINDOW permission in the list of permissions in the app manifest. |
| | | | An Android user can view and manage which applications hold the SYSTEM_ALERT_WINDOW permission through the device settings in Apps & notifications -> Special app access -> Display over other apps (the exact menu location may vary between Android versions). |
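The manifest check described above, as an added example that is not part of the original page: it parses the permission declarations instead of searching for the string, so a mention in a comment or an unrelated element is not flagged. It assumes the manifest has already been decoded from the APK's binary XML to text; the function name `vet_manifest` and the sample package names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
# Both elements declare permissions; the -sdk-23 form applies on API 23+ only.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

def vet_manifest(manifest_xml):
    """Return the package name and every overlay-permission declaration found."""
    root = ET.fromstring(manifest_xml.strip())
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    hits = []
    for tag in PERMISSION_TAGS:
        for el in root.findall(tag):  # permission elements are direct children
            name = (el.get(ANDROID_NS + "name") or "").strip()
            if name == OVERLAY:
                hits.append({"tag": tag,
                             "maxSdkVersion": el.get(ANDROID_NS + "maxSdkVersion")})
    return {"package": root.get("package"),
            "requests_overlay": bool(hits),
            "declarations": hits}

# Constructed sample manifests (hypothetical packages), already decoded to text.
SAMPLE_OVERLAY = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample_a">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <application android:label="Sample A"/>
</manifest>
"""
SAMPLE_CLEAN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample_b">
    <!-- android.permission.SYSTEM_ALERT_WINDOW is mentioned here but not requested -->
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Sample B"/>
</manifest>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_OVERLAY, SAMPLE_CLEAN):
        result = vet_manifest(sample)
        verdict = "REVIEW" if result["requests_overlay"] else "ok"
        print(f'{result["package"]}: {verdict} {result["declarations"]}')
```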
T1437.001 Application Layer Protocol: Web Protocols
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.