FluHorse malware attacks Android phones stealing personal data including passwords


A "strain" of malware infecting Android devices called FluHorse has been discovered by Check Point Research (via BleepingComputer). The malware is disseminated via email and steals credit card data, passwords, and even two-factor authentication (2FA) codes. The attacks have been spotted in Eastern Asia since 2022 and usually start with an email sent to a potential victim demanding that an immediate payment be made to clear up a problem with an account.


The email includes a link taking the victim to fake versions of legitimate apps. These phony apps include ETC, which is a toll-collection app in Taiwan, and VPBank Neo, a banking app in Vietnam. The real versions of these apps have over 1 million installs each from the Google Play Store. Check Point also discovered that a fake version of a real transport app with 100,000 installs is being used, but this app was not named.


Apps mimicked by the FluHorse malware. Image credit: Check Point Research


To hijack any 2FA codes sent, the three apps request SMS access. With 2FA, a user can open an app or website by typing in a password and a special code that is sent to the user's phone by text. The fake apps copy the UIs of the real apps but don't do much beyond collecting the user's information, including credit card data. Then, to make it appear as though some real processing is going on, the screen says "system is busy" for 10 minutes. What's really happening is that 2FA codes are being stolen along with personal information.


How FluHorse works


According to Check Point, this is an active and ongoing threat to Android users and it is always best not to give away personal information like credit card numbers and social security numbers online. And just because this organized attack has been spotted in a different region of the world, it doesn't mean that you should be lax when it comes to safeguarding your personal data.


