Cybersecurity researchers have shared the inner workings of an Android malware family named Fluhorse.
The malware "marks a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.
Fluhorse was first documented by Check Point in early May 2023, detailing its attacks on users located in East Asia via rogue apps masquerading as ETC and VPBank Neo, which are popular in Taiwan and Vietnam. The initial intrusion vector for the malware is phishing.
The main goal of the app is to steal credentials, credit card details, and two-factor authentication (2FA) codes received via SMS, and to send them to a remote server under the control of the threat actors.
The latest findings from Fortinet, which reverse-engineered a Fluhorse sample uploaded to VirusTotal on June 11, 2023, suggest that the malware has evolved, adding further sophistication by concealing the encrypted payload in a packer.
"Decryption is performed at the native level (to harden reverse engineering) using OpenSSL's EVP cryptographic API," Apvrille said. "The encryption algorithm is AES-128-CBC, and its implementation uses the same hard-coded string for the key and initialization vector (IV)."
The decrypted payload, a ZIP file, contains within it a Dalvik executable file (.dex), which is then installed on the device to listen for incoming SMS messages and exfiltrate them to the remote server. Because the key and IV are one fixed string compiled into the native library, an analyst who recovers that string from the binary can decrypt the packed payload offline, without ever running the app.
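The following is an added example, not Fortinet's code and not the malware's own code: an analyst-side unpacker for the scheme the report describes (AES-128-CBC, one hard-coded string used as both key and IV, a ZIP with classes.dex inside). It assumes the first 16 bytes of that string are used verbatim as key and IV, the way EVP_DecryptInit_ex() reads its key and iv arguments; the string `placeholder-key!`, the sample blob, and the fake dex contents are all constructed here and are not the real values from the sample. AES is implemented in pure Python only so the example runs with no third-party package; in practice you would use pycryptodome or cryptography and keep only the Fluhorse-specific part at the bottom.

```python
"""Decrypt a Fluhorse-style packed payload: AES-128-CBC with key == IV, ZIP inside.
Added example, not Fortinet's or the malware's code.  Pure-Python AES so it runs with
no third-party package (use pycryptodome in real work); assumptions are marked."""
import io, zipfile

# ---- AES-128 (FIPS-197); the state is a 16-byte list in column-major order ----
def _gen_sbox():
    sbox, p, q = [0] * 256, 1, 1
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    while True:                                  # walk GF(2^8)* with generator 3
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF    # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3
        if q & 0x80: q ^= 0x09                                    # so q == 1/p
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1: break
    sbox[0] = 0x63; return sbox
SBOX = _gen_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]

def _gmul(a, b):                                 # multiplication in GF(2^8)
    r = 0
    while b:
        if b & 1: r ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return r
def expand_key(key):                             # -> 11 round keys of 16 bytes
    w, rcon = [list(key[4*i:4*i+4]) for i in range(4)], 1
    for i in range(4, 44):
        t = list(w[i-1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]                 # SubWord(RotWord)
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([w[i-4][j] ^ t[j] for j in range(4)])
    return [sum(w[4*r:4*r+4], []) for r in range(11)]
def _shift_rows(s, d):                           # d=1 forward, d=-1 inverse
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]
def _mix_columns(s, m):                          # m=(2,3,1,1) or (14,11,13,9)
    out = []
    for c in range(4):
        a = s[4*c:4*c+4]
        for r in range(4):
            row = m[4-r:] + m[:4-r]              # circulant MixColumns matrix
            out.append(_gmul(a[0], row[0]) ^ _gmul(a[1], row[1])
                       ^ _gmul(a[2], row[2]) ^ _gmul(a[3], row[3]))
    return out
def encrypt_block(block, rk):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = _shift_rows([SBOX[b] for b in s], 1)
        if rnd < 10: s = _mix_columns(s, (2, 3, 1, 1))
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)
def decrypt_block(block, rk):
    s = [b ^ k for b, k in zip(block, rk[10])]
    for rnd in range(9, -1, -1):
        s = [INV_SBOX[b] for b in _shift_rows(s, -1)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
        if rnd: s = _mix_columns(s, (14, 11, 13, 9))
    return bytes(s)

def cbc_encrypt(data, key, iv):                  # PKCS#7; only used to build the sample
    rk, out, prev = expand_key(key), [], iv
    data += bytes([16 - len(data) % 16]) * (16 - len(data) % 16)
    for i in range(0, len(data), 16):
        prev = encrypt_block(bytes(x ^ y for x, y in zip(data[i:i+16], prev)), rk)
        out.append(prev)
    return b"".join(out)
def cbc_decrypt(data, key, iv):
    if not data or len(data) % 16: raise ValueError("ciphertext not a block multiple")
    rk, out, prev = expand_key(key), [], iv
    for i in range(0, len(data), 16):
        out.append(bytes(x ^ y for x, y in zip(decrypt_block(data[i:i+16], rk), prev)))
        prev = data[i:i+16]
    plain, pad = b"".join(out), out[-1][-1]
    if not 1 <= pad <= 16 or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad PKCS#7 padding: wrong key/IV or truncated blob")
    return plain[:-pad]

# ---- the Fluhorse-specific part -------------------------------------------------
HARDCODED = b"placeholder-key!"   # constructed placeholder, NOT the real string
def derive_key_iv(secret=HARDCODED):
    """One hard-coded string feeds both key and IV (assumed: its first 16 bytes)."""
    assert len(secret) >= 16, "key/IV string shorter than 16 bytes"
    return secret[:16], secret[:16]
def unpack_payload(blob, secret=HARDCODED):
    """Decrypt the packed blob, require a ZIP, and return its classes.dex bytes."""
    zip_bytes = cbc_decrypt(blob, *derive_key_iv(secret))
    if not zip_bytes.startswith(b"PK\x03\x04"):
        raise ValueError("plaintext is not a ZIP local file header")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read("classes.dex")
def build_sample():                              # constructed stand-in for a packed blob
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:        # fake dex carrying only the magic
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
    return cbc_encrypt(buf.getvalue(), *derive_key_iv())
```

Two checks matter when you point this at a real blob: a padding error almost always means the wrong string (or the wrong 16-byte slice of it) rather than a corrupt file, and the `PK\x03\x04` test catches the case where the padding happens to validate by chance. `decrypt_block` can be verified against the FIPS-197 Appendix C.1 vector (key `00..0f`, ciphertext `69c4e0d8…`) before trusting any output.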
"Reversing Flutter apps statically is a breakthrough for anti-virus researchers, as, unfortunately, more malicious Flutter apps are expected to be released in the future," Apvrille said.
Some parts of this article are sourced from:
thehackernews.com