Today: June 15, 2025
Subscribe
May 9, 2023
1 min read

New Android malware discovered that steals passwords

On Google Play, both legitimate versions of these apps have over a million downloads…reports Asian Lite News

A new Android malware known as ‘FluHorse’ has been discovered, which targets users in Eastern Asia with malicious apps that look like legitimate versions with over 1,00,000 installs.

According to Check Point Research, these malicious apps are designed to extract sensitive information, including user credentials and Two-Factor Authentication (2FA) codes.

FluHorse malware targets multiple sectors in Eastern Asia and is typically distributed via email.

In some cases, high-profile entities such as government officials were targeted at the initial stages of the phishing email attack.

One of the most concerning aspects of FluHorse is its ability to go undetected for long periods of time, making it a persistent and dangerous threat that is difficult to detect.

According to the report, FluHorse attacks start with targeted and malicious emails sent to high-profile individuals, urging them to take immediate action to resolve an alleged payment issue.

Usually, the target is directed to a phishing website through a hyperlink included in the email. Once there, they are prompted to download the phoney APK (Android package file) of the fake application.

The FluHorse carrier apps mimic ‘ETC,’ a Taiwanese toll collection app, and ‘VPBank Neo,’ a Vietnamese banking app.

On Google Play, both legitimate versions of these apps have over a million downloads.

Moreover, the report said that upon installation, all three fake apps request SMS access in order to intercept incoming 2FA codes in case they are required to hijack the accounts.

The fake apps mimic the original user interfaces but lack functionality beyond two to three windows that load forms that capture the victim’s information.

Following the capture of the victims’ account credentials and credit card information, the apps display a “system is busy” message for 10 minutes to make the process appear realistic while the operators act in the background to intercept 2FA codes and leverage the stolen data.

ALSO READ-WhatsApp rolling out ‘side-by-side’ feature on Android tablets

Tags:

Related Posts

Previous Story

India-UAE bilateral trade grew 20% in 2022-23

Next Story

Global tech services sector hits $57 bn in deal activity

Latest from Tech LITE

UK Delays AI Regulation

UK Government Delays AI Regulation Bill by a Year, Plans Comprehensive Legislation to Address Safety and Copyright Concerns Efforts to regulate artificial intelligence in the UK have been pushed back by at

OpenAI Expands In India

This programme, now part of the broader ‘OpenAI Academy’, focuses on real-world impact through hands-on guidance, early access to tools, and shared learning Indians have emerged as the most enthusiastic population globally

Trump boosts private Mars missions

The budget earmarks over $7 billion for lunar exploration, including the continuation of the Artemis programme, while setting aside a new $1 billion investment specifically for commercial Mars initiatives. In a bold

Accel Puts India’s AI Power in the Spotlight

Under the theme “Engineering India’s AI Advantage,” the exclusive, invite-only event will bring together leading AI founders, researchers, tech CXOs, policymakers, and global investors….reports Asian Lite News Global venture capital firm Accel

Trump plans nuclear energy push

This move comes amid a surge in power demand driven by rapid advances in artificial intelligence (AI)….reports Asian Lite News U.S. President Donald Trump is preparing to sign a series of executive
Go toTop

Don't Miss

Android powers 3B devices globally

Sameer Samat, VP of product management at Android and Google

WhatsApp working on passkey support for Android beta

The platform also rolled out a ‘link with phone number’