A new Android malware known as ‘FluHorse’ has been found targeting Android users in Eastern Asia with malicious apps that imitate legitimate apps with over 1,00,000 installs.
Check Point Research states these malicious apps are developed to steal sensitive information, including user credentials and Two-Factor Authentication (2FA) codes.
FluHorse malware targets multiple sectors in Eastern Asia and is typically distributed via email.
In some cases, high-profile entities such as government officials were targeted at the initial stages of the phishing email attack.
One of the most concerning aspects of FluHorse is its ability to go undetected for a long time, making it a constant and harmful threat that is hard to notice.
According to the report, FluHorse attacks start with targeted and malicious emails sent to high-profile people, urging them to take quick action to resolve an alleged payment issue.
Usually, the target is redirected to a phishing website through a hyperlink included in the email. Once there, they are prompted to download the fake application’s phoney APK (Android package file).
The FluHorse carrier apps mimic ‘ETC,’ a Taiwanese toll collection app, and ‘VPBank Neo,’ a Vietnamese banking app.
Both legitimate versions of these apps on the Google Play store have over a million downloads.
Moreover, the report said that upon installation, all three fake apps request SMS access so they can intercept incoming 2FA codes if these are required to hijack the accounts.
The fake apps mimic the original user interfaces but offer no functionality beyond two to three windows that load forms to capture the victim’s information.
Following the capture of the victims’ account credentials and credit card information, the apps display a “system is busy” message for 10 minutes to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.
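A defender-side check for the SMS access described above, as an added example that is not taken from the Check Point report or this article: it reads a decoded AndroidManifest.xml (for instance, one unpacked with apktool) and flags SMS-reading permissions or receivers in an app that has no stated need for them. The sample manifest, the package name and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the Android XML namespace.
NAME = "{http://schemas.android.com/apk/res/android}name"

# Android permissions that let an app see incoming text messages.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Broadcast action delivered to receivers when a text message arrives.
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a decoded manifest for a made-up payment app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tollpay">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Toll Pay">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".SmsListener">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(manifest_xml, expects_sms=False):
    """Report SMS-reading capability declared in a decoded manifest.

    expects_sms: set True for app categories that legitimately read SMS
    (for example a messaging client), so they are not flagged.
    """
    root = ET.fromstring(manifest_xml.strip())
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    sms_perms = sorted(requested & SMS_PERMISSIONS)
    # Receivers registered for the SMS broadcast see every incoming text.
    receivers = [
        r.get(NAME) for r in root.iter("receiver")
        if any(a.get(NAME) == SMS_ACTION for a in r.iter("action"))
    ]
    return {
        "package": root.get("package"),
        "sms_permissions": sms_perms,
        "sms_receivers": receivers,
        "suspicious": bool(sms_perms or receivers) and not expects_sms,
    }

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A hit is a reason to review the sample, not a verdict: some legitimate apps request SMS access for their own one-time-code flows.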