Hackers target mobile users using PWA JavaScript to bypass browser security
A sophisticated new injection campaign has been uncovered that targets mobile users through malicious third-party JavaScript and delivers a Chinese adult-content Progressive Web App (PWA) scam.
This attack, which redirects users to sites like hxxps://xjdm166[.]com, leverages the unique capabilities of PWAs to retain users longer and evade traditional browser security mechanisms.
Unlike typical phishing attempts, this campaign employs a full-blown PWA as its landing page, indicating a shift toward more persistent and deceptive delivery methods.
Read more at GBHackers