Beware: new Android malware FluHorse is after your passwords

By Laura Jenny

A new piece of malware called FluHorse has appeared, and it is eager to steal your passwords and your two-factor authentication codes. This 'flu horse' is hungry and is currently found mainly in East Asia. However, we also need to watch out for it in Europe.

Check Point Research

The information comes from Check Point Research. It came across the malware and says it has been running for a year. Since May 2022 it has been claiming victims, especially in East Asia. This is how its creators set it up: the malware is distributed via email with the aim of stealing people's passwords and two-factor authentication codes. While it is at it, it also tries to steal account details and credit card data.

FluHorse is probably not looking for you or me: it is mainly aimed at people high up in an organization. CEOs, CFOs: people who probably have a lot of money. After all, there has to be something to gain. The email the attackers send revolves around solving a payment problem as soon as possible. It is a classic approach, because with that extra urgency behind it, people often forget to stop and think about what they are doing.

FluHorse malware

The email also contains a link, and if the victim clicks on it, they download an APK, i.e. an app file. The app appears to come from a real payment institution, such as the Vietnamese VPBank Neo, but it is secretly malware that quickly gets at all kinds of data on your smartphone. Delivery companies are also sometimes imitated, although it is unclear which ones exactly. This is often accompanied by text messages, something we also know in the Netherlands: text messages about packages waiting for you, which then come not from PostNL but from P0st_NL, so to speak.
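The PostNL versus P0st_NL trick above can be caught automatically on a mail or SMS gateway. The sketch below is an added example, not part of the original article or of Check Point's research; the allowlist of official sender names and the function names are assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumption: the sender names your organisation treats as genuine (constructed list).
OFFICIAL_SENDERS = {"PostNL", "VPBank"}

# Digits and symbols commonly swapped in for letters (0 for o, as in P0st_NL).
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def skeleton(name: str) -> str:
    """Reduce a sender name to lowercase letters with substitutions undone."""
    # NFKD folds full-width and accented characters to their base letters.
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower().translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", text)  # drop separators such as _ - . and spaces


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(name: str):
    """Return ("official" | "lookalike" | "unknown", matched brand or None)."""
    if name in OFFICIAL_SENDERS:
        return ("official", name)
    sk = skeleton(name)
    for brand in sorted(OFFICIAL_SENDERS):
        target = skeleton(brand)
        # Same skeleton but different spelling, or one edit away: imitation.
        if sk == target or (len(target) >= 5 and edit_distance(sk, target) == 1):
            return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample sender names.
    for sender in ["PostNL", "P0st_NL", "VPBamk", "Grandma"]:
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of malice; letters borrowed from other alphabets are not covered by this mapping.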

Once you have entered your payment details via that link, you get a 'system is busy' message that lasts ten minutes. This is probably some kind of loading screen to give the thieves time to forward all the information at lightning speed. If you encounter such a screen in the next few days, after clicking on a link that may not have been what it appeared to be, then you know what is going on. FluHorse is still very active. Watch out.

Have you heard of FluHorse? Let us know in the comments.