This dangerous new Android malware can steal your passwords and 2FA codes

Multiple Android apps found distributing an infostealer

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity experts from Check Point Research recently discovered a new malware campaign targeting Android users in East Asia. In the campaign, the threat actors built mobile apps that mimicked actual solutions and tried to trick people into downloading them.

Those that would fall for the trick would end up giving sensitive personal data, such as credentials, banking details, and even 2FA codes, to the hackers. Not even using thebest password managerwould protect you in this case.

The researchers dubbed the malware “FluHorse”, reporting its operators have been active for a year now. The criminals would try to distribute the malware via email, sending phishing emails to “high-profile” targets telling them to download an app and sort out a pending payment problem.

Low effort

Some of the apps being distributed through these email messages are Taiwanese toll-collection app ETC, VPBank Neo, a Vietnamese banking app, and an unnamed transportation app. The legitimate versions of the first two apps have more than a million downloads, while the third one has 100,000 downloads.

The operators didn’t really try to copy the legitimate apps completely, the researchers found, but rather just copied a few windows and mimicked the graphic user interface (GUI). As soon as the victim enters their account credentials and credit card details, the app would display a “system is busy” message, in an attempt to buy time, as it shares the stolen data with the attackers.

This dangerous Android malware is seeing a huge rise in infections>Dangerous new ‘Hook’ Android malware lets hackers remotely control your phone>Check out the best malware protection software right now

The apps are also capable of intercepting multi-factor authentication (MFA) codes, as well.

The common denominator for all email-borne Android attacks is that they all invite the victim to “urgently” download an app from a third-party repository, which would then ask for plenty of permissions. To stay safe, it’s best to use common sense - emails from legitimate companies rarely have “urgent” requests, and would not have their official apps sitting on shady, third-party repositories. Finally, asking for excessive permissions is a major red flag, as well.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind