FluHorse Mobile Malware Tagets Asian Victims

A novel email phishing campaign has targeted different industries in East Asian markets by disseminating a previously unknown type of Android malware named FluHorse that exploits the Flutter software development framework. The malware consists of numerous Android applications that resemble authentic applications, most of which have over one million downloads.

These malevolent apps pilfer victims' credentials and two-factor authentication codes. The malicious apps mimic famous apps like ETC and VPBank Neo, which are prevalent in Vietnam and Taiwan, and the scheme has been active since at least May 2022.

FluHorse Mode of Operation

The scam is simple, where victims are tricked into clicking links in emails that direct them to fake websites hosting harmful APK files. The sites contain checks that screen potential victims and only provide the app if their browser User-Agent string corresponds to that of Android. Once installed, the malware asks for SMS permissions and coerces users to input their login details and credit card information, which is then stolen and sent to a remote server.

Meanwhile, the malware intercepts all incoming 2FA codes and reroutes them to the command-and-control server. Furthermore, a dating app was discovered that sends Chinese-speaking users to fake landing pages created to capture credit card information. The phishing emails have targeted many notable institutions, including government employees and large industrial firms, with new fraudulent apps and infrastructure emerging every month.

FluHorse Built Using Flutter SDK

Surprisingly, the malware is designed using Flutter, an open-source UI software development kit that permits developers to create cross-platform apps with a single codebase. Even though malevolent actors frequently employ evasion tactics, obfuscation, and protracted delays before execution to evade analysis and bypass virtual environments, the use of Flutter indicates a higher degree of sophistication.

By Zaib
May 9, 2023
Android Malware
English
May 9, 2023
Android Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Pinaview is a Fully-Featured Adware App

7 months ago

What is the RSEngineSvc.exe File and Process?

12 months ago

'American Express - Update Your Account Information' Email Scam

2 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

4 months ago

Aluc Service Cryptomining Malware

1 month ago

Related Posts

Android Malware

FakeReward Mobile Malware Used Against Indian Victims

FakeReward is the name of a mobile malware package that was discovered by security researchers in late November 2022. The malware targets the Android platform and functions very similarly to a banking trojan.... Read more

November 28, 2022
Android Malware

AIVARAT Mobile Malware

AIVARAT is the name of a newly detected strain of mobile malware. The new threat is a remote access trojan or a RAT, as the name implies. The capabilities of the new malware are considerable. AIVARAT can scrape and... Read more

July 15, 2022
Android Malware

PINEFLOWER Mobile Malware

PINEFLOWER is the name of a family of mobile malware variants that is associated with an Iranian advanced persistent threat actor that is believed to be sponsored by the state. A research team with security firm... Read more

September 16, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2023 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.