Security News > 2023 > May > New Android FluHorse malware steals your passwords, 2FA codes

New Android FluHorse malware steals your passwords, 2FA codes
2023-05-05 18:39

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions.

The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam.

Check Point has also observed the malware posing as a transportation app used by 100,000 people, but its name wasn't disclosed in the report.

All three fake apps request SMS access upon installation to intercept incoming 2FA codes in case it's needed to hijack the accounts.

After capturing the victims' account credentials and credit card details, the apps display a "System is busy" message for 10 minutes, likely to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.

CheckPoint warns that the FluHorse campaign is ongoing, with new infrastructure and malicious apps appearing each month, so this is an active threat for Android users.


News URL

https://www.bleepingcomputer.com/news/security/new-android-fluhorse-malware-steals-your-passwords-2fa-codes/