Description
“FluHorse” is a new Android malware discovered by Check Point Research targeting Eastern Asia since May 2022. It”s distributed via email and aims to steal account credentials, credit card data, and 2FA codes.
Details
FluHorse, a recently discovered Android malware, has been identified as targeting diverse sectors in Eastern Asia since May 2022. This malware is camouflaged as popular and genuine Android apps and circulated through email channels. FluHorse”s primary objective is to acquire sensitive information such as account credentials, credit card details, and two-factor authentication (2FA) codes.
As per the research conducted by Check Point, FluHorse is an alarming malware that can circumvent the two-factor authentication process, which is crucial in providing an additional security layer to prevent account takeover. The malware is programmed to capture SMS messages and pilfer 2FA codes, enabling the perpetrator to avoid authentication and gain access to the victim”s account.
To evade detection, FluHorse is fashioned to employ encryption techniques, hiding its operations. Once established on a device, the malware can monitor keystrokes and confiscate critical information, including passwords and credit card data. The malware”s targets are various sectors in Eastern Asia, such as finance, healthcare, and government. Malware distribution through email is the attackers” preferred tactic, capitalizing on social engineering strategies to deceive the victim into downloading and installing the malware.
Check Point”s research indicates that the discovery of FluHorse emphasizes the criticality of having a comprehensive security strategy, incorporating both technical and human elements, in place. This includes educating employees regularly about security awareness to enable them to recognize and avoid social engineering attacks.
The discovery of FluHorse underscores the ongoing threat that malware poses to Android users and highlights the necessity of being vigilant and proactive in taking security measures to protect against these threats.
Remediation
Cyber Security tips to protect against the FluHorse malware:
Only download apps from trusted sources: Users should only download apps from reputable sources like the Google Play Store, as these platforms have measures in place to detect and remove malicious apps.
Keep the operating system and security software up-to-date: Regularly updating the operating system and security software can help protect against known vulnerabilities that malware like FluHorse can exploit.
Avoid clicking on links or downloading attachments from unknown or suspicious sources: Users should exercise caution when clicking on links or downloading attachments from unknown or suspicious sources, as these could contain malware.
Use two-factor authentication with an authenticator app: To minimize the risk of account takeover, users should use two-factor authentication with an authenticator app instead of SMS-based 2FA, which can be intercepted by malware like FluHorse.
Be wary of unsolicited emails: Users should be wary of unsolicited emails, particularly those that ask them to download or install software. They should avoid clicking on links or downloading attachments from these emails.
Implement comprehensive security measures: Companies and organizations should implement a comprehensive security strategy that includes both technical and human elements, such as regular security awareness training for employees to help them recognize and avoid social engineering attacks.
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: FLUHORSE android malware stealing account credentials and 2FA codes.pdf
References
Social, C. (2023, May 8). Retrieved from Cyware: https://cyware.com/news/fluhorse-new-android-threat-stealing-2fa-codes-and-passwords-22bf31a5/?web_view=true
Toulas, B. (2023, May 5). Retrieved from Bleeping Computer: https://www.bleepingcomputer.com/news/security/new-android-fluhorse-malware-steals-your-passwords-2fa-codes/