uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-05-05 20:16:48

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Malware 'FluHorse' Uses Deceptive Methods to Target East Asian Markets

QFVFd4i.png
A new email phishing campaign that targets various East Asian market segments is disseminating FluHorse, an Android malware strain that previously went unreported and abuses the Flutter software development framework.

The majority of the malware's malicious Android applications have received more than 1,000,000 installs, according to a technical report from Check Point. The victims' login information and two-factor authentication (2FA) codes are stolen by these malicious apps. ".

Apps used in Taiwan and Vietnam, such as ETC and VPBank Neo, have been discovered to be imitated by malicious apps. The activity has apparently been ongoing since at least May 2022, according to the evidence so far.

The basic phishing scam involves tricking victims with emails that contain links to a fake website that hosts malicious APK files. Additionally, the website now includes checks that target victim screening and restrict app delivery to those whose browser User-Agent string matches that of Android.

Once installed, the malware prompts the user to enter their credentials and credit card information, requests SMS permissions, and then exfiltrates the data to a remote server in the background while the victim waits for a few minutes.

The threat actors also take advantage of their access to SMS messages to snoop on all incoming 2FA codes and divert them to the command-and-control server.

The Israeli cybersecurity company claimed to have also discovered a dating application that sent Chinese-speaking users to fraudulent landing pages intended to steal credit card information.

It's interesting that the malicious functionality is implemented using Flutter, an open-source UI software development kit that enables the creation of cross-platform apps from a single codebase.
Guys be more careful.

Offline

Board footer

Powered by FluxBB