EXPERTS have discovered a whole new form of Android attack that can steal passwords and rob people’s bank accounts.
The so-called ‘FluHorse’ malware has been spread via malicious emails sent to unsuspecting victims.
1
It starts with warning targets that they need to take action now to fix a payment problem.
The email contains a link that leads to a fake app that cleverly mimics other brands.
These include a toll collection app, a banking app, and a transportation app.
Legitimate versions of these apps have more than a million downloads on the Google Play Store, Bleeping Computer reports.
Once installed, the dubious dummy apps request access to your texts, which are used to steal two-factor authentication (2FA) codes.
Two-factor authentication is used to provide additional security to your accounts when someone tries to log in and sends you a randomly generated code that you must enter to continue.
If someone gets their hands on this code, they can raid your account and do whatever they want – even lock you out.
Victims usually get a “system is busy” message on the app for about 10 minutes.
Most read in Phones & Gadgets
This is most likely so that cyber thieves have some time to process your data.
Check Point Research, which discovered the nasty ruse, said: “We traced FluHorse activity to May 2022.
“Our analysis shows that these campaigns remain an ongoing threat as new infrastructure nodes and malicious applications emerge every month.”
Fortunately for users in the west, the attack appears to have been limited to East Asia so far.
But that doesn’t mean it couldn’t spread in the future.
The scammed apps include a fake “ETC” toll collection app used in Taiwan.
And the counterfeit banking service is “VPBank Neo” used in Vietnam.
Check Point did not reveal the name of the transportation app.
As always with these kinds of malware attacks, it’s important to look out for the key signs to protect yourself.
First, scam emails always use a sense of urgency to get your attention and respond irrationally.
So always think twice and stay calm when you receive an email stating that you owe money to a major corporate brand.
If you are not sure, it is always best to contact the company directly using the details of their official sites.
Do not use any information mentioned in the email itself.
Second, avoid downloading apps away from official app stores like Google Play.
Most legitimate app makers – especially those from large companies – will have their apps available in the appropriate app stores.
They will not ask you to download them from the internet.
Best tips and hacks for phones and gadgets
Looking for tips and hacks for your phone? Want to find those secret features in social media apps? We’ve got you covered…
Download all the latest news about WhatsApp, Instagram, Facebook and other tech gadgets here.
We pay for your stories! Do you have a story for the Sun Online Tech & Science team? Email us at tech@the-sun.co.uk