Malware has become a major problem for customers all around the world because it steals important data from users’ devices without their knowledge. According to the latest study, a new Android malware has been discovered that is purportedly targeting Eastern Asia through malicious applications that appear legitimate at first glance, since they have over 1 lakh (100,000) installs.
Malware, short for “malicious software,” is any software that is meant to harm or exploit a device, network, or user. Malware comes in various forms, including viruses, Trojans, ransomware, spyware, adware, and others. It can infect a device through a variety of methods, including email attachments, compromised websites, software downloads, and social engineering attacks.
When a device becomes infected with malware, the result can be a variety of problems, including the theft of sensitive information, disruption of normal device performance, and unauthorized access to the device or network. A virus, for example, can replicate itself and infect other files on a device, a Trojan can open a backdoor that gives an attacker remote access, and ransomware can encrypt a user’s files and demand money to release them.
According to a Check Point study, these apps are designed to harvest sensitive data such as passwords and even Two-Factor Authentication (2FA) credentials, which people regard as the safest option for protection.
FluHorse: How Is It Distributed?
Like other malware, it can infect your system, and it needs only a single tap to do so. It has been discovered that emails are being used to propagate the malware, especially in Eastern Asia. High-profile targets, such as public figures, were occasionally targeted at the start of the phishing email attack. One of the most concerning features of FluHorse is its ability to go unnoticed for extended periods of time, which makes it a persistent and dangerous threat that is difficult to detect.
FluHorse attacks begin with targeted, malicious emails sent to famous persons, asking them to act immediately to resolve an apparent payment issue.
How Does FluHorse Function?
A hyperlink in the email typically sends the target to a phishing website. Once there, they are instructed to download the phony APK (Android package file) of the fake program. The FluHorse carrier apps mimic ‘ETC,’ a Taiwanese toll-collection app, and ‘VPBank Neo,’ a Vietnamese banking app.
The legitimate versions of each of these apps have gained over a million downloads on Google Play. According to the research, after installation, all three of the fake apps request SMS access in order to intercept incoming 2FA codes in case those codes are required to take over the accounts.
FluHorse: How to Identify It as a Threat?
The fake apps closely resemble the legitimate apps’ user interfaces, but they are limited to two to three windows that load forms and collect data from the victim. To make the process appear genuine, the apps display a “system is busy” notice for 10 minutes after obtaining the victims’ account passwords and credit card information. Meanwhile, the operators are working behind the scenes to intercept 2FA codes and use the stolen data.
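The three traits described above (an APK installed from outside the store, a label copying a known brand, and a request for SMS access) can be combined into a simple triage check over an app inventory. This is an added example, not code from the article or from Check Point; the inventory record format, the function names, and the "official" package names are assumptions, and the package names are placeholders to be replaced with the real ones from the store listings.

```python
# Signals taken from the article: sideloaded APK, brand look-alike, SMS access.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

# Brands named in the article. The package names are PLACEHOLDERS (assumption):
# replace them with the official package names from the store listings.
OFFICIAL_PACKAGES = {
    "etc": "placeholder.official.etc",
    "vpbank neo": "placeholder.official.vpbankneo",
}

def triage(app):
    """Return the reasons one inventory record looks like a carrier app."""
    reasons = []
    label = app["label"].strip().lower()
    official = OFFICIAL_PACKAGES.get(label)
    if official is not None and app["package"] != official:
        reasons.append("label matches a watched brand but package name differs")
    if app.get("installer") not in TRUSTED_INSTALLERS:
        reasons.append("not installed by a trusted store")
    sms = SMS_PERMS & set(app.get("permissions", []))
    if sms:
        reasons.append("requests SMS access: " + ", ".join(sorted(sms)))
    return reasons

def flag_suspects(inventory, threshold=2):
    """Flag apps that show at least `threshold` of the three signals."""
    suspects = {}
    for app in inventory:
        reasons = triage(app)
        if len(reasons) >= threshold:
            suspects[app["package"]] = reasons
    return suspects

# Constructed sample inventory (hypothetical record format, not real device data).
SAMPLE = [
    {"label": "VPBank Neo", "package": "placeholder.official.vpbankneo",
     "installer": "com.android.vending",
     "permissions": ["android.permission.INTERNET"]},
    {"label": "VPBank Neo", "package": "com.example.lookalike", "installer": None,
     "permissions": ["android.permission.INTERNET", "android.permission.RECEIVE_SMS"]},
    {"label": "Messages", "package": "com.example.sms",
     "installer": "com.android.vending",
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS"]},
]

if __name__ == "__main__":
    for pkg, reasons in flag_suspects(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

A store-installed SMS app trips only one signal and is not flagged, which is why the check requires at least two signals before raising an app for review.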