Beware of this new android malware that steals your passwords: Know-more

Follow us on

A new Android malware known as 'FluHorse' has been discovered, which targets users in Eastern Asia with malicious apps that look like legitimate versions with over 1,00,000 installs. FluHorse malware targets multiple sectors in Eastern Asia and is typically distributed via email. In some cases, high-profile entities such as government officials were targeted at the initial stages of the phishing email attack.

According to Check Point Research, these malicious apps are designed to extract sensitive information, including user credentials and Two-Factor Authentication (2FA) codes.

One of the most concerning aspects of FluHorse is its ability to go undetected for long periods of time, making it a persistent and dangerous threat that is difficult to detect. According to the report, FluHorse attacks start with targeted and malicious emails sent to high-profile individuals, urging them to take immediate action to resolve an alleged payment issue.

Usually, the target is directed to a phishing website through a hyperlink included in the email. Once there, they are prompted to download the phoney APK (Android package file) of the fake application.

ALSO READ: WhatsApp to bring new 'channels lists' feature for iOS

The FluHorse carrier apps mimic 'ETC,' a Taiwanese toll collection app, and 'VPBank Neo,' a Vietnamese banking app. On Google Play, both legitimate versions of these apps have over a million downloads. Moreover, the report said that upon installation, all three fake apps request SMS access in order to intercept incoming 2FA codes in case they are required to hijack the accounts.

The fake apps mimic the original user interfaces but lack functionality beyond two to three windows that load forms that capture the victim's information.

Related Stories

WhatsApp is developing split-view feature for android tablets: Here's what you need to know

Google issues urgent warning of 18 critical bugs found in mass-level Android phones

WhatsApp Update: New chat attachment menu for Android beta users revealed

This company is making an Android phone that is as tiny as a mini iPhone

WhatsApp launches official chat feature for Android and iOS

This WhatsApp update will fix the expiration bug on Android beta

How to stop the spam calls on your smartphone?

How to clear WhatsApp storage on Android: Step-by-step guide

How to easily make a conference call on your Android and iPhone

Backup photos on your android device using google photos or dropbox: Step by step guide

Third-party android apps to help you change the way you use WhatsApp

Switching from iPhone to Android? Here's how to transfer your iCloud contacts to Google

YouTube Music launches 'real-time lyrics' for Android and iOS

WhatsApp to introduce expiring groups feature soon: What to expect

Google releases first public Beta for Android 14 OS

Goldoson malware infects 60 Google Play apps with 100 million downloads

Telegram launches shareable chat folders, custom wallpapers

India leads global refurbished smartphone market, Apple captures 49% share

Google, Samsung partners to fix Android's background app limitations

ALSO READ: 8 secret smartphone codes you must know

Following the capture of the victims' account credentials and credit card information, the apps display a "system is busy" message for 10 minutes to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.

ALSO READ: ONDC: Swiggy, Zomato have a got a new competitor - How does it work?

Inputs from IANS