New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics

May 05, 2023 Ravie Lakshmanan Mobile Security / Android


Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework.

"The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in a technical report. "These malicious apps steal the victims' credentials and two-factor authentication (2FA) codes."

The malicious apps have been found to imitate apps like ETC and VPBank Neo, which are used in Taiwan and Vietnam. Evidence gathered so far shows that the activity has been active since at least May 2022.


The phishing scheme in itself is fairly straightforward: victims are lured with emails that contain links to a bogus website that hosts malicious APK files. The website also includes checks that aim to screen victims and deliver the app only if their browser's User-Agent string matches that of Android.

Once installed, the malware requests SMS permissions and prompts the user to enter their credentials and credit card information, all of which is subsequently exfiltrated to a remote server in the background while the victim is asked to wait for several minutes.


The threat actors also abuse their access to SMS messages to intercept all incoming 2FA codes and redirect them to the command-and-control server.

The Israeli cybersecurity firm said it also identified a dating app that redirected Chinese-speaking users to rogue landing pages that are designed to capture credit card information.


Interestingly, the malicious functionality is implemented with Flutter, an open source UI software development kit that can be used to develop cross-platform apps from a single codebase.

While threat actors are known to use a variety of tricks like evasion techniques, obfuscation, and long delays before execution to resist analysis and get around virtual environments, the use of Flutter marks a new level of sophistication.

"The malware developers did not put much effort into the programming, instead relying on Flutter as a developing platform," the researchers concluded.

"This approach allowed them to create dangerous and mostly undetected malicious applications. One of the benefits of using Flutter is that its hard-to-analyze nature renders many contemporary security solutions worthless."
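The two traits the article attributes to FluHorse, SMS access used to intercept 2FA codes and a Flutter build, are both visible statically once an APK has been unpacked. The script below is an added example written for this page; it is not Check Point's tooling or code from the campaign. It assumes the APK has already been decoded with apktool so that AndroidManifest.xml is readable text, and the sample manifests, package names and file lists embedded in it are constructed placeholders for illustration.

```python
"""Static triage of a decoded Android app for SMS interception capability
(SMS permissions plus a receiver for the SMS_RECEIVED broadcast) and for
Flutter runtime artifacts.  Added example; inputs are assumed to come from an
apktool-decoded APK."""
import xml.etree.ElementTree as ET
import zipfile
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that grant access to SMS traffic.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
# Release builds of Flutter apps ship the engine (libflutter.so) and the
# AOT-compiled Dart code (libapp.so) under lib/<abi>/ inside the APK.
FLUTTER_LIBS = ("libflutter.so", "libapp.so")

# Constructed sample: a decoded manifest of a hypothetical credential-stealing
# app that registers a high-priority SMS receiver.  Package name is a placeholder.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder.fakeapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="Placeholder">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""
SAMPLE_FILES = ["AndroidManifest.xml", "classes.dex",
                "lib/arm64-v8a/libflutter.so", "lib/arm64-v8a/libapp.so"]

# Constructed benign counterpart: a plain Java/Kotlin app with no SMS access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder.benign">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Placeholder"/>
</manifest>
"""
BENIGN_FILES = ["AndroidManifest.xml", "classes.dex", "resources.arsc"]


def extract_permissions(manifest_xml: str) -> Set[str]:
    """All android:name values of <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}


def has_sms_receiver(manifest_xml: str) -> bool:
    """True if any <receiver> declares an intent-filter for SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml)
    return any(
        action.get(ANDROID_NS + "name") == SMS_RECEIVED_ACTION
        for receiver in root.iter("receiver")
        for action in receiver.iter("action")
    )


def is_flutter_app(file_list: List[str]) -> bool:
    """True if the archive contains the Flutter engine or Dart AOT library."""
    return any(path.rsplit("/", 1)[-1] in FLUTTER_LIBS for path in file_list)


def triage(manifest_xml: str, file_list: List[str]) -> Dict[str, object]:
    """Combine the three indicators into a small report with an additive score.
    Each trait alone is legitimate for some apps; the combination is what
    matches the behaviour described in the article."""
    sms_perms = sorted(extract_permissions(manifest_xml) & SMS_PERMISSIONS)
    receiver = has_sms_receiver(manifest_xml)
    flutter = is_flutter_app(file_list)
    findings = []
    if sms_perms:
        findings.append("requests SMS permissions: " + ", ".join(sms_perms))
    if receiver:
        findings.append("registers a receiver for SMS_RECEIVED (can read incoming 2FA codes)")
    if flutter:
        findings.append("Flutter build (logic lives in libapp.so, not in DEX bytecode)")
    score = len(findings)
    return {"sms_permissions": sms_perms, "sms_receiver": receiver,
            "flutter": flutter, "score": score, "findings": findings}


def list_apk_files(apk_path: str) -> List[str]:
    """File paths inside an APK (a zip archive).  The manifest in the archive is
    binary XML, so decode with apktool first and pass the text to triage()."""
    with zipfile.ZipFile(apk_path) as zf:
        return zf.namelist()


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_FILES), indent=2))
    print(json.dumps(triage(BENIGN_MANIFEST, BENIGN_FILES), indent=2))
```

Run it against an apktool output directory by reading `AndroidManifest.xml` into `triage()` and passing `list_apk_files()` of the original APK; a score of 3 is the profile the article describes, while an SMS receiver alone is normal for a messaging client and Flutter alone is normal for many legitimate apps.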
