According to a report by Check Point Research (CPR), a highly sophisticated malware campaign is targeting a variety of sectors in Eastern Asia. In this campaign, malware dubbed FluHorse disguises itself as legitimate apps. The list of mimicked apps includes apps with over 1,00,000 downloads.
How hackers are spreading FluHorse
According to the research, FluHorse targets multiple sectors in Eastern Asia and is typically distributed via email. In the initial stages of the phishing email attack, it has also targeted high-profile entities such as government officials.
Cybercriminals reportedly chose an eclectic selection of targeted sectors for specific countries, using one mimicked app in each country.
The attackers mimic apps from reputable companies because they are confident that such apps will attract financially stable customers, given the companies' reputation for trustworthiness.
FluHorse also has the ability to remain undetected for extended periods of time, making it a persistent threat that is difficult to identify.
FluHorse steals 2FA codes
The report said that the goal of this campaign is to steal sensitive information, including user credentials, 2-factor authentication (2FA) codes and credit card details.
2FA is a measure to improve security for online services that require a password. Users are required to provide an authentication code, or use another method such as approval from a primary device or a key, to prove they are the ones accessing the service.
This campaign is quite dangerous because it reportedly targets the codes that are used to authenticate users, essentially rendering 2FA ineffective in stopping unauthorised access to services.
Recently, a report said that global weekly cyberattacks rose by 7% year-over-year in the first quarter of 2023 (Q1 2023) and that India recorded an increase of 18% in weekly cyberattacks in the first three months of this year.