Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Hackers target mobile users using PWA JavaScript to bypass browser security

(tsmr / Pixabay)

By Aman Mishra

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA) scam.

This attack, which redirects users to sites like hxxps://xjdm166[.]com, leverages the unique capabilities of PWAs to retain users longer and evade traditional browser security mechanisms.

Unlike typical phishing attempts, this campaign employs a full-blown PWA as its landing page, indicating a shift toward more persistent and deceptive delivery methods.

Read more at GBHackers

Click to listen highlighted text!