A new line of malware infecting Android devices called FluHorse has been discovered by research firm Check Point.
According to PhoneArena, the FluHorse malware is spread via email and will steal credit card data, passwords, and even two-factor authentication (2FA) codes. Attacks, which have emerged in East Asia since 2022, typically begin with an email sent to a potential victim demanding immediate payment to fix problems with the account
The email contains a link that takes the victim to fake versions of the legitimate app. These fake apps include ETC – a toll-collection app in Taiwan and VPBank Neo – a banking app in Vietnam. The official version of each app has over 1 million installs from the Google Play Store. Check Point also detected a fake version of a real traffic app with 100,000 installs, but the specific name was not mentioned by the company.
To hijack any 2FA codes sent, the three apps will request SMS access. The fake apps copy the user interface of official apps but don’t do much other than collect user information, including credit card data. Then, to make it appear as if actual processing is going on, the display says “system is busy” for 10 minutes. But in reality, 2FA codes are being stolen along with personal information
Check Point says FluHorse is an ongoing threat to Android users, so it’s best not to give out personal information like credit card numbers and social security numbers online. Since this organized attack has been detected in several regions of the world, everyone needs to be vigilant about protecting their personal data.