New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics

May 05, 2023, Ravie Lakshmanan, Mobile Security / Android


Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse, which abuses the Flutter software development framework.

"The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in a technical report. "These malicious apps steal the victims' credentials and two-factor authentication (2FA) codes."

The malicious apps have been found to imitate apps like ETC and VPBank Neo, which are used in Taiwan and Vietnam. Evidence gathered so far shows that the activity has been active since at least May 2022.

The phishing scheme in itself is fairly straightforward: victims are lured with emails that contain links to a bogus website hosting malicious APK files. The website also includes checks that aim to screen victims and deliver the app only if their browser's User-Agent string matches that of Android.

Once installed, the malware requests SMS permissions and prompts the user to enter their credentials and credit card information, all of which is then exfiltrated to a remote server in the background while the victim is asked to wait for several minutes.


The threat actors also abuse their access to SMS messages to intercept all incoming 2FA codes and redirect them to the command-and-control server.

The Israeli cybersecurity firm said it also identified a dating app that redirected Chinese-speaking users to rogue landing pages designed to capture credit card information.


Interestingly, the malicious functionality is implemented with Flutter, an open source UI software development kit that can be used to build cross-platform apps from a single codebase.

While threat actors are known to use a variety of tactics such as evasion techniques, obfuscation, and long delays before execution to resist analysis and get around virtual environments, the use of Flutter marks a new level of sophistication.

"The malware developers didn't put much effort into the programming, instead relying on Flutter as a developing platform," the researchers concluded.

"This approach allowed them to create dangerous and mostly undetected malicious applications. One of the benefits of using Flutter is that its hard-to-analyze nature renders many contemporary security solutions worthless."
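The two traits the report highlights, an SMS-permission request combined with a Flutter build, are cheap to check for during APK triage. The following script is an added example, not Check Point's tooling: it assumes a decoded AndroidManifest.xml (as produced by apktool) and the list of native library paths from the APK, and flags the combination; the sample manifest and library list are constructed for illustration. The Flutter indicators (libflutter.so for the engine and libapp.so for the AOT-compiled Dart code) are standard Flutter release artifacts.

```python
import xml.etree.ElementTree as ET
from typing import Iterable

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
# Native libraries that a Flutter release build ships under lib/<abi>/.
FLUTTER_LIBS = {"libflutter.so", "libapp.so"}


def requested_permissions(manifest_xml: str) -> set:
    """Return the android:name values of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def triage(manifest_xml: str, native_libs: Iterable[str]) -> dict:
    """Flag an APK that is built with Flutter and asks for SMS access."""
    sms = sorted(requested_permissions(manifest_xml) & SMS_PERMISSIONS)
    lib_names = {path.rsplit("/", 1)[-1] for path in native_libs}
    uses_flutter = bool(lib_names & FLUTTER_LIBS)
    return {
        "sms_permissions": sms,
        "uses_flutter": uses_flutter,
        # Neither trait is malicious alone; the pairing is what warrants review.
        "flag": uses_flutter and bool(sms),
    }


# Constructed sample input (hypothetical package name, not a real indicator).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lookalike">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""
SAMPLE_LIBS = ["lib/arm64-v8a/libflutter.so", "lib/arm64-v8a/libapp.so"]

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_LIBS))
```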
