Security News > 2023 > May > New Android FluHorse malware steals your passwords, 2FA codes
A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions.
The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam.
Check Point has also observed the malware posing as a transportation app used by 100,000 people, but its name wasn't disclosed in the report.
All three fake apps request SMS access upon installation to intercept incoming 2FA codes in case it's needed to hijack the accounts.
After capturing the victims' account credentials and credit card details, the apps display a "System is busy" message for 10 minutes, likely to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.
CheckPoint warns that the FluHorse campaign is ongoing, with new infrastructure and malicious apps appearing each month, so this is an active threat for Android users.
News URL
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)