New Android Malware 'FluHorse' Targeting East Asian Markets

vtqhtr413

vtqhtr413

Level 27
Thread author
Well-known
Aug 17, 2017
1,609
Content source
https://thehackernews.com/2023/05/new-android-malware-fluhorse-targeting.html
Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in a technical report. "These malicious apps steal the victims' credentials and two-factor authentication (2FA) codes." The malicious apps have been found to imitate apps like ETC and VPBank Neo, which are used in Taiwan and Vietnam. Evidence gathered so far shows that the activity has been active since at least May 2022.
Click to expand...
thehackernews.com

New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics

East Asian markets hit by a new Android malware named FluHorse.
thehackernews.com thehackernews.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Zero Knowledge, FALLEN, MuzzMelbourne and 4 others
vtqhtr413

vtqhtr413

Level 27
Thread author
Well-known
Aug 17, 2017
1,609
The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week. The latest findings from Fortinet, which reverse-engineered a Fluhorse sample uploaded to VirusTotal on June 11, 2023, suggest that the malware has evolved, incorporating additional sophistication by concealing the encrypted payload in a packer.

"Decryption is performed at the native level (to harden reverse engineering) using OpenSSL's EVP cryptographic API," Apvrille explained. The encryption algorithm is AES-128-CBC, and its implementation uses the same hard-coded string for the key and initialization vector (IV)." The decrypted payload, a ZIP file, contains within it a Dalvik executable file (.dex), which is then installed on the device to listen to incoming SMS messages and exfiltrate them to the remote server.

"Reversing Flutter applications statically is a breakthrough for anti-virus researchers, as, unfortunately, more malicious Flutter apps are expected to be released in the future," Apvrille said.
Click to expand...
thehackernews.com

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Fluhorse has evolved and become more sophisticated. It conceals its encrypted payload and listens to your SMS messages.
thehackernews.com thehackernews.com
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, silversurfer and MuzzMelbourne
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • +Reputation
Security News New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
Replies
0
Views
1,598
Security News
[correlate]
[correlate]
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Malware News Over 200 malicious apps on Google Play downloaded millions of times
Replies
1
Views
1,181
Security News
Digmor Crusher
Digmor Crusher
silversurfer
    • Like
    • +Reputation
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
Replies
0
Views
885
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top