Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Jun 29, 2023 | Ravie Lakshmanan | Mobile Security / Malware

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse.

The malware “represents a significant shift as it incorporates the malicious components directly within the Flutter code,” Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.

Fluhorse was first documented by Check Point in early May 2023, detailing its attacks on users located in East Asia through rogue apps masquerading as ETC and VPBank Neo, which are popular in Taiwan and Vietnam. The initial intrusion vector for the malware is phishing.

The ultimate goal of the app is to steal credentials, credit card details, and two-factor authentication (2FA) codes received via SMS, and to exfiltrate them to a remote server under the control of the threat actors.

The latest findings from Fortinet, which reverse-engineered a Fluhorse sample uploaded to VirusTotal on June 11, 2023, suggest that the malware has evolved, incorporating additional sophistication by concealing the encrypted payload in a packer.

“Decryption is performed at the native level (to harden reverse engineering) using OpenSSL’s EVP cryptographic API,” Apvrille explained. “The encryption algorithm is AES-128-CBC, and its implementation uses the same hard-coded string for the key and initialization vector (IV).”

The decrypted payload, a ZIP file, contains within it a Dalvik executable file (.dex), which is then installed on the device to listen to incoming SMS messages and exfiltrate them to the remote server.
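As an added example (not code from Fortinet's report or from the malware), the following Go program reproduces the unpacking step described above so an analyst can pull the second stage out of a captured blob: AES-128-CBC with the same string as key and IV, then a check that the plaintext is a ZIP and a listing of its entries. The 16-byte string, PKCS#7 padding (OpenSSL EVP's default) and the sample ZIP built by `buildSample` are assumptions and constructed test data; the real hard-coded string is not in the article.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed 16-byte stand-in for the packer's hard-coded string (not in the article): AES-128 key, reused verbatim as IV.
const hardcodedSecret = "0123456789abcdef"
// UnpackPayload reverses the packer step the report describes: AES-128-CBC with IV == key, PKCS#7 unpadding
// (OpenSSL EVP's default, assumed here), a ZIP-magic check, and finally the entry names (the embedded .dex).
func UnpackPayload(key string, enc []byte) ([]string, error) {
	block, err := aes.NewCipher([]byte(key))
	if err != nil || len(enc) == 0 || len(enc)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key length or unaligned ciphertext (%d bytes)", len(enc))
	}
	plain := make([]byte, len(enc))
	cipher.NewCBCDecrypter(block, []byte(key)).CryptBlocks(plain, enc) // the IV is the key itself
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.HasPrefix(plain, []byte("PK\x03\x04")) {
		return nil, fmt.Errorf("decrypted data is not a padded ZIP: wrong key or corrupted blob")
	}
	zr, err := zip.NewReader(bytes.NewReader(plain[:len(plain)-pad]), int64(len(plain)-pad))
	var names []string
	for i := 0; err == nil && i < len(zr.File); i++ { // zr is nil when err != nil; the loop is skipped
		names = append(names, zr.File[i].Name)
	}
	return names, err
}

// buildSample imitates the packer output for testing only: a ZIP holding a fake classes.dex, padded and encrypted.
func buildSample(key string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("classes.dex")
	w.Write([]byte("dex\n035\x00 constructed stand-in, not a real Dalvik executable"))
	zw.Close()
	pad := aes.BlockSize - buf.Len()%aes.BlockSize
	plain := append(buf.Bytes(), bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher([]byte(key))
	enc := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, []byte(key)).CryptBlocks(enc, plain)
	return enc
}
func main() {
	fmt.Println(UnpackPayload(hardcodedSecret, buildSample(hardcodedSecret)))
}
```

Because the key doubles as the IV, recovering the single hard-coded string from the native library is all an analyst needs to decrypt every payload packed with it; a wrong string fails the ZIP-magic check instead of yielding garbage.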

“Reversing Flutter applications statically is a breakthrough for anti-virus researchers, as, unfortunately, more malicious Flutter apps are expected to be released in the future,” Apvrille said.