- Cyber criminals are increasingly utilizing mobile browsers
- Compromed WordPress Web site leads to the installation of malicious PWAs
- Both site owners and users can mitigate the threat
There is a growing trend in attacks on the client side as cyber criminals are increasingly utilizing mobile browsers to bypass traditional security checks.
This is according to the latest “Client-Side Report Q2 2025”, published by Security Researchers C/Side. A “client side” attack is a type of security breach that occurs on the user’s device (typically in their browser or mobile app) rather than on the server.
Based on comprehensive studies of the market (compromised domains, autonomous search, AI-driven manuscript analysis and behavioral review of third-party Javascript dependencies), the report Cyber Criminals injects malicious code in service workers and the progressive web app (PWA) logic of popular WordPress themes.
Weaker sandbox
When a mobile user visits an infected location, the browser display gate is hijacked using a full-screen digit. The victim is then lured to install a fake pwa, often disguised as an APK with adult theme or a crypto app hosting rotating subdomains.
Primarily, apps are designed to continue on the device beyond the browser session and act as a long -term footing. However, they can also steal login -legitimation information (by adulterating login pages or browser printings), listening to cryptocurrency -tejtogs interactions and draining assets by injecting malicious manuscripts. In some cases, apps can also hijack session -tokens.
The criminals use various techniques to avoid detection, including fingerprints and connectivity techniques that prevent the payload from triggering in sand -boxed environments or by automated scanners.
The mobile platform is increasingly targeting because web browsers have weaker sandbox and limited runtime visibility, making them more vulnerable and susceptible to attacks. At the same time, C/Side says users are more likely to rely on full -screen writings or install suggested apps without suspecting anything.
To mitigate the risk, there are things that both developers and end users can do, says C/Side. DEVS and site operators must monitor and secure third-party scripts as this is a common delivery mechanism for malicious payload. C/Side also advocates visibility in real time in what manuscripts perform in the browser, rather than relying solely on the protection of the server side.
Users on the other hand must be careful when installing progressive web apps from unknown sources, and should be skeptical of unexpected login streams, especially those that appear to come from Google.
