- Cybercriminals are increasingly exploiting mobile browsers
- Compromised WordPress sites lead to malicious PWA installation
- Both site owners and users can mitigate the threat
Client-side attacks are on the rise, as cybercriminals increasingly exploit mobile browsers to bypass traditional security controls.
This is according to the latest “Client-Side Attack Report Q2 2025”, published by security researchers C/Side. A client-side attack is a type of security breach that occurs on the user’s device (usually in their browser or mobile application), instead of on the server.
Based on extensive research (compromised domains, autonomous crawling, AI-powered script analysis, and review of third-party JavaScript dependencies), the report says that cybercriminals are injecting malicious code into the service workers and progressive web application (PWA) logic of popular WordPress themes.
Weaker sandboxing
Once a mobile user visits an infected site, the browser’s viewport is hijacked using a full-screen iframe. The victim is then lured into installing a fake PWA, often disguised as an adult-themed APK or a crypto app, hosted on rotating subdomains.
The applications are designed primarily to persist on the device beyond the browser session and act as a long-term foothold. However, they can also steal login credentials (by spoofing login pages or browser prompts), intercept cryptocurrency wallet interactions, and inject malicious scripts. In some cases, the applications can also hijack session tokens.
The criminals use different techniques to evade detection, including fingerprinting and cloaking techniques that prevent the payload from being triggered in sandboxed environments or by automated scanners.
The mobile platform is increasingly targeted because mobile web browsers have weaker sandboxing and limited runtime visibility, which makes them more susceptible to attacks. At the same time, C/Side says that users are more likely to trust full-screen prompts, or install suggested applications, without suspecting anything.
To mitigate the risk, there are things that both developers and end users can do, says C/Side. Developers and site operators should monitor and secure third-party scripts, since these are a common delivery mechanism for malicious payloads. C/Side also advocates real-time visibility into which scripts are executing in the browser, instead of relying solely on server-side protections.
Users, on the other hand, should be careful when installing progressive web applications from unknown sources, and should be skeptical of unexpected login flows, particularly those that seem to come from Google.
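For the site-operator advice above (runtime visibility into which scripts execute in the browser), the following is an added example, not code from C/Side or its report: a small in-page monitor that flags scripts from origins outside an allowlist, viewport-covering iframes from untrusted origins, and service workers registered from unexpected paths. The allowlisted origins, the `/sw.js` path and all function names are assumptions made for illustration.

```javascript
// Added example. Origins, paths and sample observations are constructed.
const ALLOWED_ORIGINS = new Set(['https://shop.example', 'https://cdn.example']);
const ALLOWED_SW_PATHS = new Set(['/sw.js']); // service workers the site ships

// Resolve a URL against the page; empty or unparsable URLs are untrusted.
function parse(url, pageUrl) {
  try { return url ? new URL(url, pageUrl) : null; } catch { return null; }
}

// True when a frame rectangle covers at least `ratio` of the viewport area.
function coversViewport(rect, viewport, ratio = 0.9) {
  return rect.width * rect.height >= ratio * viewport.width * viewport.height;
}

// Map one observation to a finding string, or null when it looks expected.
function classify(obs, pageUrl, viewport) {
  const u = parse(obs.url, pageUrl);
  const trusted = u !== null && ALLOWED_ORIGINS.has(u.origin);
  if (obs.kind === 'script' && !trusted) return `untrusted script: ${obs.url}`;
  if (obs.kind === 'iframe' && !trusted && coversViewport(obs.rect, viewport))
    return `full-screen untrusted iframe: ${obs.url}`;
  // Service workers are always same-origin, so check the script path instead.
  if (obs.kind === 'serviceworker' && !(u && ALLOWED_SW_PATHS.has(u.pathname)))
    return `unexpected service worker: ${obs.url}`;
  return null;
}

function audit(observations, pageUrl, viewport) {
  return observations.map((o) => classify(o, pageUrl, viewport)).filter(Boolean);
}

// Browser wiring: watch inserted nodes and existing registrations.
if (typeof document !== 'undefined') {
  const vp = () => ({ width: innerWidth, height: innerHeight });
  const report = (obs) => {
    const finding = classify(obs, location.href, vp());
    if (finding) console.warn('[client-side monitor]', finding);
  };
  new MutationObserver((muts) => muts.forEach((m) => m.addedNodes.forEach((n) => {
    if (n.tagName === 'SCRIPT' && n.src) report({ kind: 'script', url: n.src });
    if (n.tagName === 'IFRAME')
      report({ kind: 'iframe', url: n.src, rect: n.getBoundingClientRect() });
  }))).observe(document.documentElement, { childList: true, subtree: true });
  navigator.serviceWorker?.getRegistrations().then((regs) => regs.forEach((r) => {
    const sw = r.active || r.waiting || r.installing;
    if (sw) report({ kind: 'serviceworker', url: sw.scriptURL });
  }));
}
```

The iframe check measures the frame once, at insertion time, so a frame that is resized later needs a follow-up measurement; in production the findings would be sent to a reporting endpoint rather than the console.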