Close Menu
    Mobile

    FluHorse malware attacks Android phones stealing personal data including passwords

    FluHorse malware attacks Android phones stealing personal data including passwords

    A “pressure” of malware infecting Android units known as FluHorse has been found by Check Point Research (by way of BleepingComputer) The malware is disseminated by way of e-mail and can steal bank card data, passwords, and even two-factor authorization (2FA) codes. The attacks have been noticed in Eastern Asia since 2022 and normally begin with an e-mail despatched to a possible sufferer demanding that an instantaneous fee be made to clear up an issue with an account.
    The e-mail features a hyperlink taking the sufferer to faux variations of official apps. These phony apps embrace ETC, which is a toll-collection app in Taiwan, and Vietnamese banking app VPBank Neo, a banking app in Vietnam. The actual variations of every app have over 1 million installs every from the Google Play Store. Check Point additionally found {that a} faux model of an actual transport app with 100,000 installs can also be getting used, however this app was not named.

    Apps mimicked by the FluHorse malware. Image credit score Check Point Research

    To hijack any 2FA codes despatched, the three apps request SMS entry. With 2FA, a consumer can open an app or web site by typing in a password and a particular code that’s despatched to the consumer’s cellphone by textual content. The faux apps copy the UIs of the true apps however do not do a lot outdoors of accumulating the consumer’s data including bank card data. Then, to make it seem as if some actual processing is happening, the display says “system is busy” for 10 minutes. What’s actually taking place is that 2FA codes are being stolen together with personal data.

    How FluHorse works - FluHorse malware attacks Android phones stealing personal data including passwords

    How FluHorse works

    According to Check Point, that is an energetic and ongoing risk to Android customers and it’s at all times finest to not give away personal data like bank card numbers and social safety numbers on-line. And simply because this organized assault has been noticed in a unique area of the world, it does not imply that try to be lax on the subject of safeguarding your personal data.

    Share.

    Related Posts

    Leave A Reply