Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse.

The malware “represents a significant shift as it incorporates the malicious components directly within the Flutter code,” Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.

Fluhorse was first documented by Check Point in early May 2023, detailing its attacks on users located in East Asia through rogue apps masquerading as ETC and VPBank Neo, which are popular in Taiwan and Vietnam. The initial intrusion vector for the malware is phishing.

The ultimate goal of the app is to steal credentials, credit card details, and two-factor authentication (2FA) codes received as SMS to a remote server under the control of the threat actors.

The latest findings from Fortinet, which reverse-engineered a Fluhorse sample uploaded to VirusTotal on June 11, 2023, suggest that the malware has evolved, incorporating additional sophistication by concealing the encrypted payload in a packer.

The decrypted payload, a ZIP file, contains within it a Dalvik executable file (.dex), which is then installed on the device to listen to incoming SMS messages and exfiltrate them to the remote server.

“Reversing Flutter applications statically is a breakthrough for anti-virus researchers, as, unfortunately, more malicious Flutter apps are expected to be released in the future,” Apvrille said.


Source: https://thehackernews.com/