Tweet
Cybersecurity experts from Check Point Research recently discovered a new malware campaign targeting Android users in Easter Asia. In the campaign, the threat actors built mobile apps that mimicked actual solutions and tried to trick people into downloading them.
Those that would fall for the trick would end up giving sensitive personal data, such as passwords and banking details, to the hackers.
The researchers dubbed the malware “FluHorse”, reporting its operators have been active for a year now. The criminals would try to distribute the malware via email, sending phishing emails to “high-profile” targets telling them to download an app and sort out a pending payment problem.
[HEADING=1]Low effort[/HEADING]
Some of the apps being distributed through these email messages are Taiwanese toll-collection app ETC, VPBank Neo, a Vietnamese banking app, and an unnamed transportation app. The legitimate versions of the first two apps have more than a million downloads, while the third one has 100,000 downloads.
The operators didn’t really try to copy the legitimate apps completely, the researchers found, but rather just copied a few windows and mimicked the graphic user interface (GUI). As soon as the victim enters their account credentials and credit card details, the app would display a “system is busy” message, in an attempt to buy time, as it shares the stolen data with the attackers.
Read more
The apps are also capable of intercepting multi-factor authentication (MFA) codes, as well.
The common denominator for all email-borne Android attacks is that they all invite the victim to “urgently” download an app from a third-party repository, which would then ask for plenty of permissions. To stay safe, it’s best to use common sense - emails from legitimate companies rarely have “urgent” requests, and would not have their official apps sitting on shady, third-party repositories. Finally, asking for excessive permissions is a major red flag, as well.
[ul]
[li]Here are the best ID theft protection options around[/li][/ul]
Via: BleepingComputer
Continue reading…
Those that would fall for the trick would end up giving sensitive personal data, such as passwords and banking details, to the hackers.
The researchers dubbed the malware “FluHorse”, reporting its operators have been active for a year now. The criminals would try to distribute the malware via email, sending phishing emails to “high-profile” targets telling them to download an app and sort out a pending payment problem.
[HEADING=1]Low effort[/HEADING]
Some of the apps being distributed through these email messages are Taiwanese toll-collection app ETC, VPBank Neo, a Vietnamese banking app, and an unnamed transportation app. The legitimate versions of the first two apps have more than a million downloads, while the third one has 100,000 downloads.
The operators didn’t really try to copy the legitimate apps completely, the researchers found, but rather just copied a few windows and mimicked the graphic user interface (GUI). As soon as the victim enters their account credentials and credit card details, the app would display a “system is busy” message, in an attempt to buy time, as it shares the stolen data with the attackers.
Read more
This dangerous Android malware is seeing a huge rise in infections
Dangerous new ‘Hook’ Android malware lets hackers remotely control your phone
Check out the best malware protection software right now
Dangerous new ‘Hook’ Android malware lets hackers remotely control your phone
Check out the best malware protection software right now
The common denominator for all email-borne Android attacks is that they all invite the victim to “urgently” download an app from a third-party repository, which would then ask for plenty of permissions. To stay safe, it’s best to use common sense - emails from legitimate companies rarely have “urgent” requests, and would not have their official apps sitting on shady, third-party repositories. Finally, asking for excessive permissions is a major red flag, as well.
[ul]
[li]Here are the best ID theft protection options around[/li][/ul]
Via: BleepingComputer
Continue reading…