This dangerous new Android malware can steal your passwords and 2FA codes

Samsung Galaxy S23 hands on display macro

The Google Play Store on Samsung's Galaxy S23 (Image credit: Future | Alex Walker-Todd)

Cybersecurity experts from Check Point Research recently discovered a new malware campaign targeting Android users in East Asia. In the campaign, the threat actors built mobile apps that mimicked actual solutions and tried to trick people into downloading them.

Those that would fall for the trick would end up giving sensitive personal data, such as credentials, banking details, and even 2FA codes, to the hackers. Not even using the best password manager would protect you in this case.

The researchers dubbed the malware “FluHorse”, reporting its operators have been active for a year now. The criminals would try to distribute the malware via email, sending phishing emails to “high-profile” targets telling them to download an app and sort out a pending payment problem.

Low effort

Some of the apps being distributed through these email messages are Taiwanese toll-collection app ETC, VPBank Neo, a Vietnamese banking app, and an unnamed transportation app. The legitimate versions of the first two apps have more than a million downloads, while the third one has 100,000 downloads.

The operators didn’t really try to copy the legitimate apps completely, the researchers found, but rather just copied a few windows and mimicked the graphic user interface (GUI). As soon as the victim enters their account credentials and credit card details, the app would display a “system is busy” message, in an attempt to buy time, as it shares the stolen data with the attackers.

> This dangerous Android malware is seeing a huge rise in infections

> Dangerous new 'Hook' Android malware lets hackers remotely control your phone

> Check out the best malware protection software right now

The apps are also capable of intercepting multi-factor authentication (MFA) codes, as well.

The common denominator for all email-borne Android attacks is that they all invite the victim to “urgently” download an app from a third-party repository, which would then ask for plenty of permissions. To stay safe, it’s best to use common sense - emails from legitimate companies rarely have “urgent” requests, and would not have their official apps sitting on shady, third-party repositories. Finally, asking for excessive permissions is a major red flag, as well.

Here are the best identity theft protection options around

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.