Cybersecurity researchers have shared the inner workings of an Android malware family named Fluhorse.
The malware “signifies a major shift as it incorporates the malicious components directly within the Flutter code,” Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.
Fluhorse was first documented by Check Point in early May 2023, detailing its attacks on users located in East Asia via rogue apps masquerading as ETC and VPBank Neo, which are popular in Taiwan and Vietnam. The initial intrusion vector for the malware is phishing.
The primary goal of the app is to steal credentials, credit card details, and two-factor authentication (2FA) codes received via SMS, and to send them to a remote server under the control of the threat actors.
The latest findings from Fortinet, which reverse-engineered a Fluhorse sample uploaded to VirusTotal on June 11, 2023, suggest that the malware has evolved, adding further sophistication by hiding the encrypted payload in a packer.
“Decryption is performed at the native level (to harden reverse engineering) using OpenSSL’s EVP cryptographic API,” Apvrille said. “The encryption algorithm is AES-128-CBC, and its implementation uses the same hard-coded string for the key and initialization vector (IV).”
The decrypted payload, a ZIP file, contains a Dalvik executable file (.dex), which is then installed on the device to listen for incoming SMS messages and exfiltrate them to the remote server.
“Reversing Flutter apps statically is a breakthrough for anti-virus researchers, as, unfortunately, more malicious Flutter apps are expected to be released in the future,” Apvrille said.
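The unpacking scheme described above (AES-128-CBC with one hard-coded string serving as both key and IV, yielding a ZIP that holds a .dex) is easy to reproduce as an analyst triage step. The Go helper below is an added example, not Fortinet's or the malware's code; the key string is a constructed placeholder (the real one is not given here) and the "packed" input is a constructed stand-in built by the program itself, so it runs offline.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

const hardcodedString = "constructed-placeholder-key-string" // constructed placeholder, not the sample's real string
// keyIV reproduces the described weakness: key and IV are the same 16 bytes of one string.
func keyIV(s string) []byte { return []byte(s)[:aes.BlockSize] }
// unpackDex: AES-128-CBC decrypt with key == IV, strip PKCS#7 padding, list the ZIP's members.
func unpackDex(ct []byte, s string) ([]string, error) {
	if len(s) < aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("key string too short or ciphertext not block aligned")
	}
	block, _ := aes.NewCipher(keyIV(s)) // a 16-byte key cannot fail here
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, keyIV(s)).CryptBlocks(pt, ct)
	n := int(pt[len(pt)-1]) // PKCS#7: the last byte is the pad length
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding: wrong key string?")
	}
	r, err := zip.NewReader(bytes.NewReader(pt[:len(pt)-n]), int64(len(pt)-n))
	if err != nil {
		return nil, err // plaintext is not a ZIP: different packer or wrong key
	}
	var names []string
	for _, f := range r.File {
		names = append(names, f.Name) // expect a .dex such as classes.dex
	}
	return names, nil
}
// constructedSample builds a ZIP with a stand-in classes.dex and packs it the same way (offline test input).
func constructedSample() []byte {
	var zb bytes.Buffer
	zw := zip.NewWriter(&zb)
	w, _ := zw.Create("classes.dex")
	w.Write([]byte("dex\n035\x00 constructed stand-in, not real bytecode"))
	zw.Close()
	pad := aes.BlockSize - zb.Len()%aes.BlockSize
	plain := append(zb.Bytes(), bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher(keyIV(hardcodedString))
	cipher.NewCBCEncrypter(block, keyIV(hardcodedString)).CryptBlocks(plain, plain) // encrypt in place
	return plain
}
func main() { fmt.Println(unpackDex(constructedSample(), hardcodedString)) } // prints [classes.dex] <nil>
```

A padding or ZIP error from unpackDex on a real blob means the candidate string is wrong or the packer differs from the one described, which is the signal to go back to the native library rather than trust the output.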
Some elements of this report are sourced from:
thehackernews.com