New Malware Variant Emerges in Eastern Asia

A new strain of phishing malware that impersonates legitimate applications to steal user credentials and banking information has emerged in Eastern Asia.

Typically distributed via email, the FluHorse malware utilizes a series of malicious Android applications, each resembling a well-known app that has been downloaded over 100,000 times.

Discovered by Check Point Research, these harmful apps are crafted to extract sensitive data, including user credentials and two-factor authentication (2FA) codes. The apps targeted by FluHorse include ‘ETC,’ a toll-collection app popular in Taiwan, and ‘VPBank Neo,’ a banking application used in Vietnam. Each legitimate version of these apps boasts over a million downloads on Google Play.

Cybercriminals frequently select high-download apps to enhance the effectiveness of their attacks and broaden their reach. Check Point identified numerous high-profile organizations among the recipients of the phishing emails in this campaign, including employees from the government sector and major industrial companies.

The emergence of FluHorse coincides with a significant rise in cyberattacks in the APAC region, where, during the first quarter of 2023, the average organization experienced 1,835 attacks weekly. This marks a 16% increase compared to the same period in 2022, as reported by Check Point Research.