
Android users at risk from dangerous malware that is difficult to detect

The 'FluHorse' malware uses malicious apps designed to extract sensitive information from users and to take control of their phone's SMS messages so that it can receive verification OTPs.


Cybersecurity researchers have discovered a new Android malware that is being called 'FluHorse'. The malware targets Android users through malicious apps that imitate legitimate ones with over 1,00,000 downloads. According to the latest reports, it has been found targeting multiple sectors in East Asia.

The malicious apps are designed to extract sensitive information from users, including user credentials and Two-Factor Authentication (2FA) codes, according to Check Point Research. The malware is typically distributed via email.

High-profile people, including government officials, were reportedly targeted in the initial stages of the phishing email campaign. One of the most concerning features of 'FluHorse' is its ability to avoid detection for a long time, which makes it a persistent and dangerous threat.

Attacks by this Android malware begin with targeted malicious emails sent to high-profile people, asking them to take immediate action to resolve a payment problem. A hyperlink in the email typically directs the victim to a phishing website, where the user is prompted to download an APK (Android package file) of the fake application.

Among the apps that the Android malware mimics are the Taiwanese toll collection app 'ETC' and the Vietnamese banking app 'VPBank Neo'. In both cases the real apps have more than a million downloads on the Google Play store. Once installed, the fake apps request SMS access so that they can intercept incoming authentication OTPs, which are then used to break into the user's accounts. After capturing a user's details, the apps display a "system is busy" message for 10 minutes. While the user waits, the attackers intercept the 2FA codes in the background and exploit the stolen data.
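The attack chain described above (a sideloaded APK that imitates a known brand and asks for SMS permissions in order to read incoming OTPs) can be triaged from the app's manifest alone. The following is an added example written for this article, not code from Check Point Research or from any of the apps named here: it parses an AndroidManifest.xml, lists the SMS-related permissions the app requests, and flags a brand mismatch when the app's display label matches a known brand but its package name differs from the one on an allowlist. The allowlist package names and both sample manifests are constructed placeholders, not the real apps' identifiers.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that let an app read or receive SMS, which is what an OTP
# interceptor needs. A toll or banking app rarely needs RECEIVE_SMS/READ_SMS
# when it uses the Android SMS Retriever API instead.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}

# Hypothetical allowlist: display label -> expected package name.
# These package names are placeholders for illustration only.
KNOWN_BRANDS = {
    "VPBank Neo": "com.example.vpbank.official",
    "ETC": "com.example.etc.official",
}


def parse_manifest(xml_text: str) -> dict:
    """Extract package name, app label and requested permissions from a manifest."""
    root = ET.fromstring(xml_text)
    name_attr = f"{{{ANDROID_NS}}}name"
    label_attr = f"{{{ANDROID_NS}}}label"
    permissions = {
        elem.get(name_attr) for elem in root.iter("uses-permission") if elem.get(name_attr)
    }
    app = root.find("application")
    label = app.get(label_attr, "") if app is not None else ""
    return {"package": root.get("package", ""), "label": label, "permissions": permissions}


def assess(manifest: dict) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    sms = sorted(manifest["permissions"] & SMS_PERMISSIONS)
    if sms:
        findings.append("requests SMS permissions: " + ", ".join(sms))
    expected = KNOWN_BRANDS.get(manifest["label"])
    if expected and expected != manifest["package"]:
        findings.append(
            f"label '{manifest['label']}' belongs to {expected} "
            f"but package is {manifest['package']} (possible brand impersonation)"
        )
    return findings


# Constructed sample: a lookalike app that carries a known brand label under a
# different package name and asks for SMS permissions.
FAKE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.lookalike.vpbank">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="VPBank Neo"/>
</manifest>"""

# Constructed sample: the expected package with no SMS permissions.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vpbank.official">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="VPBank Neo"/>
</manifest>"""


def triage(xml_text: str) -> list:
    """Convenience wrapper: parse a manifest and assess it in one call."""
    return assess(parse_manifest(xml_text))


if __name__ == "__main__":
    for name, text in (("fake", FAKE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage(text) or ["no findings"])
```

In practice the manifest is obtained by decoding the APK (for example with apktool or androguard) before it is fed to `parse_manifest`; the allowlist would be populated from the official Play Store listings of the brands an organisation cares about, and a non-empty result from `triage` is a reason to block installation rather than a verdict on its own.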

(Inputs from IANS)