A new phishing malware strain that mimics legitimate apps to steal user credentials and banking data has emerged in Eastern Asia.

Typically delivered via e-mail, the 'FluHorse malware operates via a set of malicious Android applications, each of which mimics a popular and legitimate app with over 100,000 installs.

Uncovered by CheckPoint Research, these malicious apps are designed to extract sensitive information, including user credentials and Two-Factor Authentication (2FA) codes.

The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam. Both legitimate versions of these apps have over a million downloads each on Google Play.

Cybercriminals often opt for popular apps with a high number of downloads to maximize the impact of their attack and gain greater traction.

Checkpoint discovered multiple high-profile entities among the recipients of these specific emails in this attack, including employees of the government sector and large industrial companies.

FluHorse comes as the Apac region is experiencing a major increase in cyberattacks - in the first quarter of 2023, the average organization in Apac was attacked 1,835 times per week according to Check Point Research. This is a 16% increase over the first quarter of 2022.