
New Android FluHorse malware steals your passwords, 2FA codes
2023-05-05 18:39

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions.

The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam.

Check Point has also observed the malware posing as a transportation app used by 100,000 people, but its name wasn't disclosed in the report.

All three fake apps request SMS access upon installation so they can intercept incoming 2FA codes in case these are needed to hijack the accounts.

After capturing the victims' account credentials and credit card details, the apps display a "System is busy" message for 10 minutes, likely to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.

Check Point warns that the FluHorse campaign is ongoing, with new infrastructure and malicious apps appearing each month, so this is an active threat for Android users.


News URL

https://www.bleepingcomputer.com/news/security/new-android-fluhorse-malware-steals-your-passwords-2fa-codes/

Related vendor

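| Vendor | # Products | Low (last 12M) | Medium (last 12M) | High (last 12M) | Critical (last 12M) | Total vulns (last 12M) |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |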