 "New Android malware discovered that steals your passwords, 2FA codes")
A new Android malware known as 'FluHorse' has been discovered, which targets users in Eastern Asia with malicious apps that look like legitimate versions with over 1,00,000 installs.
According to Check Point Research, these malicious apps are designed to extract sensitive information, including user credentials and Two-Factor Authentication (2FA) codes.
FluHorse malware targets multiple sectors in Eastern Asia and is typically distributed via email.
In some cases, high-profile entities such as government officials were targeted at the initial stages of the phishing email attack.
One of the most concerning aspects of FluHorse is its ability to go undetected for long periods of time, making it a persistent and dangerous threat that is difficult to detect.
According to the report, FluHorse attacks start with targeted and malicious emails sent to high-profile individuals, urging them to take immediate action to resolve an alleged payment issue.
Usually, the target is directed to a phishing website through a hyperlink included in the email. Once there, they are prompted to download the phoney APK (Android package file) of the fake application.
The FluHorse carrier apps mimic 'ETC,' a Taiwanese toll collection app, and 'VPBank Neo,' a Vietnamese banking app.
On Google Play, both legitimate versions of these apps have over a million downloads.
Moreover, the report said that upon installation, all three fake apps request SMS access in order to intercept incoming 2FA codes in case they are required to hijack the accounts.
The fake apps mimic the original user interfaces but lack functionality beyond two to three windows that load forms that capture the victim's information.
Following the capture of the victims' account credentials and credit card information, the apps display a "system is busy" message for 10 minutes to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.
--IANS
shs/svn/
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app