EXPERTS have uncovered a brand new form of Android attack capable of stealing passwords and raiding people’s bank accounts.
The so-called “FluHorse” malware has been distributed via malicious emails sent to unsuspecting victims.
1
It begins by warning targets that they need to take action now to sort out a payment issue.
The email includes a link leading to a fake app cleverly mimicking other brands.
These include a toll collection app, a banking app and a transportation app.
Legitimate versions of these apps have more than a million downloads on the Google Play Store, reports Bleeping Computer.
Once installed, the dubious dummy apps request access to your texts, which are used to steal two factor authentication (2FA) codes.
Two factor authentication is used to make your accounts extra secure when someone tries to log in, sending you a randomly generated code you need to enter to proceed.
If someone gets hold of this code, they will be able to raid your account and do what they like – even lock you out.
Victims are usually met with a “system is busy” message on the app for about 10 minutes.
Most read in Phones & Gadgets
This is most likely so cyber thieves have some time to process your data.
Check Point Research, who discovered the nasty ruse, said: “We traced FluHorse activity back to May 2022.
“Our analysis shows that these campaigns remain an ongoing threat as new infrastructure nodes and malicious applications appear each month.”
Fortunately for users in the west, it appears the attack has been limited to eastern Asia so far.
But that’s not to say it couldn’t spread in the future.
The apps ripped off include a fake “ETC” toll-collection app used in Taiwan.
And the faked banking service is “VPBank Neo”, used in Vietnam.
Check Point did not disclose the name of the transportation app.
As ever with these sorts of malware attacks, it’s important to look out for key signs to protect yourself.
Firstly, scam emails always use a sense of urgency to get your attention and react irrationally.
So always think twice and stay calm if you receive an email saying you owe money from a big company brand.
If you’re unsure, it’s always best to contact the company directly using details from their official sites.
Don’t use any details mentioned in the email itself.
Secondly, avoid downloading apps away from official app stores like Google Play.
Most legitimate app makers – especially those for big companies – will have their apps available in proper app stores.
They won’t ask you to download them from the internet.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
