East Asian markets have been targeted by a new email phishing campaign that is distributing FluHorse, a previously undocumented strain of Android malware that abuses the Flutter software development framework. According to Check Point, the malicious apps mimic popular, legitimate apps like ETC and VPBank Neo, which have more than 1,000,000 installs and are widely used in Taiwan and Vietnam. The campaign has been active since May 2022 and the phishing scheme is fairly straightforward: victims are lured with emails that contain links to a bogus website that hosts malicious APK files. Once installed, the malware requests SMS permissions and prompts the user to enter their credentials and credit card information, all of which is exfiltrated to a remote server in the background while the victim is asked to wait for several minutes. Stay safe and be aware of this malicious phishing campaign!
Cybersecurity experts have uncovered a new level of sophistication in the threat actors' tactics. The operators were found to be abusing the app's access to SMS messages to intercept incoming 2FA codes and forward them to a command-and-control server. Additionally, the researchers identified a dating app that was redirecting Chinese-speaking users to rogue landing pages designed to capture credit card information.
The phishing emails were sent to several high-profile organizations, including government sector employees and large industrial companies, with new infrastructure and fraudulent applications popping up every month. Interestingly, the malicious functionality was implemented with Flutter, an open source UI software development kit that can be used to develop cross-platform apps from a single codebase.
The malware developers didn't put much effort into the programming, instead relying on Flutter as a development platform. This approach allowed them to create dangerous and mostly undetected malicious applications. From the attackers' point of view, one benefit of Flutter is that its output is hard to analyze, which renders many contemporary security solutions ineffective.
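The two traits described above, an app that asks for SMS permissions (the access needed to intercept 2FA codes) and an app built with Flutter (whose logic sits in native libraries rather than in easily decompiled Dalvik code), can be checked statically before an unknown APK is allowed onto a device. The following triage script is an added example, not Check Point's tooling or anything from the FluHorse samples. It assumes the manifest has already been decoded to text (for example with apktool, since the manifest inside an APK is stored as binary XML) and takes the archive's file listing; the manifest, package name and file list below are constructed sample data.

```python
"""Static triage for the FluHorse-style combination of SMS permissions
and a Flutter build. Added example; sample data is constructed."""
import xml.etree.ElementTree as ET
import zipfile

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app read or receive SMS, i.e. intercept 2FA codes.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

# Native libraries shipped by release builds of Flutter apps: the engine and
# the ahead-of-time compiled application code.
FLUTTER_LIBS = {"libflutter.so", "libapp.so"}


def manifest_permissions(manifest_xml):
    """Return the permissions declared with <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def flutter_libraries(file_names):
    """Return the Flutter native library names found under lib/<abi>/ in the APK listing."""
    found = set()
    for name in file_names:
        if name.startswith("lib/"):
            base = name.rsplit("/", 1)[-1]
            if base in FLUTTER_LIBS:
                found.add(base)
    return found


def apk_file_names(apk_path):
    """File listing of a real APK on disk (an APK is a ZIP archive)."""
    with zipfile.ZipFile(apk_path) as apk:
        return apk.namelist()


def triage(manifest_xml, file_names):
    """Combine both indicators; an app that has both deserves manual review."""
    perms = manifest_permissions(manifest_xml)
    sms = sorted(perms & SMS_PERMISSIONS)
    flutter = sorted(flutter_libraries(file_names))
    findings = []
    if sms:
        findings.append("requests SMS access: " + ", ".join(sms))
    if flutter:
        findings.append("Flutter build, app logic in native " + ", ".join(flutter))
    return {
        "sms_permissions": sms,
        "flutter_libs": flutter,
        "findings": findings,
        "needs_review": bool(sms and flutter),
    }


# Constructed sample: a decoded manifest of a fake toll-payment app and its file
# listing. The package name is a placeholder, not a real FluHorse identifier.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder.toll">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="ETC"/>
</manifest>
"""
SAMPLE_FILES = [
    "AndroidManifest.xml",
    "classes.dex",
    "lib/arm64-v8a/libflutter.so",
    "lib/arm64-v8a/libapp.so",
    "assets/flutter_assets/AssetManifest.json",
]

# Constructed benign counterpart: no SMS permissions, no Flutter libraries.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes"/>
</manifest>
"""
BENIGN_FILES = ["AndroidManifest.xml", "classes.dex", "res/layout/main.xml"]

if __name__ == "__main__":
    for label, manifest, files in (("sample", SAMPLE_MANIFEST, SAMPLE_FILES),
                                   ("benign", BENIGN_MANIFEST, BENIGN_FILES)):
        result = triage(manifest, files)
        print(label, "needs_review =", result["needs_review"], result["findings"])
```

The check is a triage heuristic, not a verdict: plenty of legitimate apps request SMS permissions and Flutter itself is benign, so a hit means "look closer" (who signed it, where the install link came from, what network endpoints the native code contacts), not "malware". Its value is that it catches the pairing the campaign relies on without needing to reverse the hard-to-analyze Flutter payload first.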